QSearchQSearch

CVE-2026-11333

6.3 MEDIUM

A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e...

Published: 2026-06-05 · Last updated: 2026-06-05

Severity and scoring

CVSS
6.3 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE
CWE-284, CWE-434

Description

A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unknown function of the file dashboard_page/forms/upload_student_data.php of the component Student Data Upload Endpoint. Such manipulation of the argument Student-Data-CSV leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-48610 Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability fou... (8.1 HIGH)
  • CVE-2026-47366 Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenti... (7.2 HIGH)
  • CVE-2026-44249 Netty is a network application framework for development of protocol servers and clients (8.1 HIGH)
  • CVE-2026-46489 SolidInvoice is an open-source invoicing platform (8.1 HIGH)
  • CVE-2026-45178 Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints