
CollegeManagementSystem CVE-2026-11335

EUVD-2026-34842 · LOW
Session Fixation (CWE-384)
2026-06-05 VulDB GHSA-qvf5-p4rv-885c
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Passive (P)
Scope: Not Defined (X)

Lifecycle Timeline (3 events)

Severity Changed · Jun 05, 2026 - 15:22 · NVD: MEDIUM → LOW
CVSS changed · Jun 05, 2026 - 15:22 · NVD: 6.3 (MEDIUM) → 2.1 (LOW)
Analysis Generated · Jun 05, 2026 - 15:04 · vuln.today

Description (NVD)

A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function session_start of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixation. The attack can be launched remotely. The exploit has been published and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.

Analysis (AI)

Session fixation in tittuvarghese CollegeManagementSystem enables remote attackers to hijack authenticated user sessions by pre-setting a session identifier via the UserAuthData argument passed to session_start() in /login-form.php. Successful exploitation requires a victim to complete login through an attacker-crafted URL, granting the attacker access to the victim's authenticated session with partial confidentiality, integrity, and availability impact (C:L/I:L/A:L). …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Craft session-fixation login URL with known token
Delivery: Deliver URL to victim via phishing
Exploit: Victim completes login through crafted URL
Execution: Session ID remains fixed post-authentication
Persist: Attacker submits pre-known session ID
Impact: Access victim's authenticated application session

Vulnerability Assessment (AI)

Exploitation: The attacker must be able to deliver a crafted URL to a target user and persuade that user to complete login through it, which requires social engineering or phishing (UI:R per CVSS). …
Risk Assessment: The CVSS 3.1 base score of 6.3 (Medium) reflects a network-accessible attack (AV:N) with low complexity (AC:L) and no required privileges (PR:N), but mandates user interaction (UI:R), a meaningful friction point. … Note that this assessment was generated at 15:04 and the lifecycle timeline records NVD revising its rating to 2.1 (Low) under CVSS 4.0 at 15:22 the same day, so the score quoted here predates the current NVD rating.
Exploit Scenario: An attacker generates a known session token and crafts a login URL for /login-form.php that injects this token via the UserAuthData parameter, then delivers it to a target user (student, faculty, or admin) via a phishing email or malicious link. The victim clicks the link, lands on the legitimate login page with the attacker's pre-set session ID in context, and completes authentication normally. …
Remediation: No vendor-released patch has been identified at time of analysis; the maintainer has not responded to the disclosure. …
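As an added, defender-side example (not code from the CollegeManagementSystem project, whose actual handling of UserAuthData in /login-form.php is not shown on this page), the following shows the generic CWE-384 shape described above beside a PHP login handler that closes it. The `authenticate()` function, its constructed sample user record, and the `/dashboard.php` redirect are assumptions made for the example.

```php
<?php
// Added example (not the project's code): a PHP login handler hardened
// against session fixation (CWE-384). The vulnerable pattern below is the
// generic CWE-384 shape, not CollegeManagementSystem's actual source.

// --- Vulnerable pattern (illustrative only, kept as a comment) -------------
// Adopting a session identifier from request data lets a caller choose the
// session id before login; if that id survives authentication, whoever chose
// it shares the authenticated session.
//
//   if (isset($_REQUEST['UserAuthData'])) {
//       session_id($_REQUEST['UserAuthData']);   // request-controlled id
//   }
//   session_start();
//   ... authenticate, set $_SESSION['user_id'] ... // id is never rotated

// --- Hardened version ------------------------------------------------------
// 1. Session ids come only from the session cookie, never from URL/POST data.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
// 2. Strict mode: PHP rejects ids it did not generate itself, so a pre-chosen
//    id is discarded and a fresh one is issued.
ini_set('session.use_strict_mode', '1');
// 3. Cookie attributes: not readable by script, not sent cross-site.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,   // assumption: the application is served over HTTPS
    'samesite' => 'Lax',
]);

session_start();

/**
 * Hypothetical credential check; replace with the application's own logic.
 * Returns the user id on success, null otherwise.
 */
function authenticate(string $username, string $password): ?int
{
    // Constructed sample record for this example; real apps read a user store.
    $users = [
        'alice' => ['id' => 1, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)],
    ];
    if (!isset($users[$username])) {
        return null;
    }
    return password_verify($password, $users[$username]['hash'])
        ? $users[$username]['id']
        : null;
}

/**
 * Completes login for an authenticated user. The key control against fixation
 * is session_regenerate_id(true): the post-login session gets a new id and the
 * pre-login session (whatever the origin of its id) is deleted server-side.
 */
function loginUser(int $userId): string
{
    $preLoginId = session_id();
    session_regenerate_id(true);        // true = destroy the old session data
    $_SESSION['user_id']    = $userId;
    $_SESSION['login_time'] = time();
    // Defender check: the id must change across the privilege boundary.
    if (session_id() === $preLoginId) {
        throw new RuntimeException('session id was not rotated at login');
    }
    return session_id();
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $userId = authenticate($_POST['username'] ?? '', $_POST['password'] ?? '');
    if ($userId === null) {
        http_response_code(401);
        exit('invalid credentials');
    }
    loginUser($userId);
    header('Location: /dashboard.php');   // assumed post-login page
    exit;
}
```

The two controls complement each other: `session.use_strict_mode` stops a pre-chosen id from ever being adopted, and `session_regenerate_id(true)` guarantees that even an id adopted before login does not survive authentication. A quick check when reviewing any PHP login flow is to compare the session cookie value before and after a successful login; if the two match, the flow is fixation-prone regardless of how the id was originally set.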



CVE-2026-11335 vulnerability details – vuln.today
