CVE-2026-9438
Improper Resource Control in StudentManagementSystem
Publication date: 2026-05-25
Last updated on: 2026-05-25
Assigner: VulDB
Description
| CWE ID | Description |
|---|---|
| CWE-99 | The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the yashpokharna2555 StudentManagementSystem, in an unknown function within the file courseDel.php. Manipulating the argument ID leads to improper control of resource identifiers: by altering the ID parameter, an attacker can potentially change which resources are accessed or deleted.
The attack can be performed remotely, and the exploit has been made public, increasing the risk of exploitation. The product uses a rolling release system, so specific affected versions are not disclosed.
How can this vulnerability impact me?
The vulnerability allows an attacker to improperly control resource identifiers by manipulating the ID argument. This can lead to unauthorized actions such as deleting or accessing resources that should be protected.
Because the attack can be performed remotely and the exploit is public, the risk of unauthorized data modification or deletion is increased, potentially impacting the integrity and availability of the system's data.