CVE-2026-2983
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3Description
A vulnerability was determined in SourceCodester Student Result Management System 1.0. The impacted element is an unknown function of the file /admin/core/import_users.php of the component Bulk Import. This manipulation of the argument File causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
Analysis
SourceCodester Student Result Management System 1.0 contains improper access controls in the bulk user import functionality that allows unauthenticated remote attackers to manipulate file parameters and gain unauthorized access. Public exploit code exists for this vulnerability, though no patch is currently available. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Immediately disable or restrict access to the /admin/core/import_users.php file to trusted administrators only; audit recent import activity for unauthorized changes. Within 7 days: Implement network segmentation to isolate the application; conduct a full security assessment of the import functionality and related data modifications. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today