CVE-2026-11476 | Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a Profile Update Endpoint AdminController.php edit-admin isadmin improper authorization

A vulnerability classified as critical has been found in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of the component Profile Update Endpoint. The manipulation of the argument isadmin leads to improper authorization.

This vulnerability is referenced as CVE-2026-11476. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-11476 | Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a Profile Update Endpoint AdminController.php edit-admin isadmin improper authorization

Post correlati

CVE-2025-1579 | code-projects Blood Bank System 1.0 /admin/user.php email cross site scripting

CVE-2024-6504 | Rapid7 InsightVM 6.6.178/6.6.179/6.6.244 REST Request resource consumption

CVE-2024-33799 | campcodes Complete Web-Based School Management System 1.0 /model/get_teacher.php id sql injection

CVE-2022-48664 | Linux Kernel up to 5.10.146/5.15.70/5.19.11/6.0 btrfs cow_file_range_inline denial of service