CVE-2026-9438
Deferred Deferred - Pending Action
Improper Resource Control in StudentManagementSystem

Publication date: 2026-05-25

Last updated on: 2026-05-25

Assigner: VulDB

Description
A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the argument ID results in improper control of resource identifiers. The attack may be performed from remote. The exploit has been made public and could be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-25
Last Modified
2026-05-25
Generated
2026-06-15
AI Q&A
2026-05-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-9438
EUVD
EUVD-2026-31647
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-99 The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the yashpokharna2555 StudentManagementSystem, specifically in an unknown function within the file courseDel.php. It involves manipulation of the argument ID, which leads to improper control of resource identifiers. This means an attacker can potentially manipulate which resources are accessed or deleted by altering the ID parameter.

The attack can be performed remotely, and the exploit has been made public, increasing the risk of exploitation. The product uses a rolling release system, so specific affected versions are not disclosed.

Impact Analysis

The vulnerability allows an attacker to improperly control resource identifiers by manipulating the ID argument. This can lead to unauthorized actions such as deleting or accessing resources that should be protected.

Since the attack can be performed remotely and the exploit is public, it increases the risk of unauthorized data modification or deletion, potentially impacting the integrity and availability of the system's data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9438. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart