Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A vulnerability was detected in sayan365 student-management-system up to 7f3c9ce7d410332335c2affac93a385485051800. This impacts an unknown function. The manipulation results in improper authentication. The attack can be executed remotely. The exploit is now public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. Multiple endpoints are affected. The project was informed of the problem early through an issue report but has not responded yet.
Analysis (AI)
Authentication bypass in sayan365's Student Management System exposes multiple protected endpoints to remote unauthenticated attackers, allowing unauthorized access to application functionality across the entire codebase up to commit 7f3c9ce7d410332335c2affac93a385485051800. The CVSS 4.0 vector confirms trivial, unauthenticated network exploitation (AV:N/AC:L/AT:N/PR:N/UI:N), and publicly available exploit code exists per the E:P maturity modifier and GitHub issue #4. …
Vulnerability Assessment (AI)
| Exploitation | No special conditions - remote unauthenticated exploitation against default configurations of sayan365 Student Management System. … |
| Risk Assessment | The CVSS 4.0 base score of 5.5 (Medium) is driven by low Confidentiality, Integrity, and Availability impact values (VC:L/VI:L/VA:L), which temper the score despite the highly permissive attack vector (AV:N/AC:L/AT:N/PR:N/UI:N). … |
| Exploit Scenario | An attacker scans for internet-accessible instances of the student-management-system using the public exploit code referenced in GitHub issue #4, then sends crafted unauthenticated HTTP requests directly to protected administrative or student-record endpoints, bypassing authentication entirely. Because attack complexity is low and no user interaction is required, this process can be automated against multiple targets simultaneously. … |
| Remediation | No vendor-released patch has been identified at time of analysis - the maintainer has not responded to the responsible disclosure filed via GitHub issues #3 and #4 (https://github.com/sayan365/student-management-system/issues/3). … |
EUVD-2026-34022
GHSA-4849-p72j-5rw9