CVE-2026-10272 | a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0 admin/deleteform.php sid improper authorization

A vulnerability categorized as critical has been discovered in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The impacted element is an unknown function of the file admin/deleteform.php. Such manipulation of the argument sid leads to improper authorization.

This vulnerability is referenced as CVE-2026-10272. It is possible to launch the attack remotely. Furthermore, an exploit is available.

This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-10272 | a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0 admin/deleteform.php sid improper authorization

Post correlati

CVE-2024-29927 | HasTheme WishSuite Plugin up to 1.3.7 on WordPress cross site scripting

CVE-2023-41999 | Arcserve UDP up to 9.1 Management Console improper authentication

CVE-2024-50080 | Linux Kernel up to 6.6.57/6.11.4 ublk buffer overflow (6414ab5c9c9c/8f3d5686a240/42aafd8b48ad)

CVE-2025-10123 | D-Link DIR-823X up to 250416 set_static_leases sub_415028 Hostname command injection