Skip to main content

School Student Management System EUVD-2026-33487

| CVE-2026-10167 MEDIUM
Improper Authentication (CWE-287)
2026-05-31 VulDB GHSA-8qf5-h752-qm2m
PHP Authentication Bypass
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 31, 2026 - 05:29 vuln.today
Severity Changed
May 31, 2026 - 05:22 NVD
HIGH MEDIUM
CVSS changed
May 31, 2026 - 05:22 NVD
7.3 (HIGH) 5.5 (MEDIUM)

DescriptionCVE.org

A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function sign_auth_cookie of the file application/controllers/Login.php of the component MY_Controller. Executing a manipulation of the argument role can lead to improper authentication. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Authentication bypass in OUSL-GROUP-BrinaryBrains School Student Management System allows unauthenticated remote attackers to manipulate the 'role' argument in the sign_auth_cookie function, forging or escalating authentication cookies without valid credentials. All commits up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6 are affected, publicly available exploit code exists (confirmed by CVSS E:P and a public GitHub issue), and no patch is available as the project has not responded to disclosure. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify internet-exposed School Student Management System
Delivery
Send crafted HTTP login request to affected endpoint
Exploit
Manipulate 'role' argument in sign_auth_cookie function
Execution
Receive forged authentication cookie with elevated role
Persist
Access application as privileged user
Impact
Exfiltrate or modify student records
Sign in to reveal

Vulnerability AssessmentAI

Exploitation The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:N/UI:N confirms no special conditions - remote unauthenticated exploitation against default deployments of OUSL-GROUP-BrinaryBrains School Student Management System requires only network reachability to the login endpoint. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:N/UI:N establishes this as fully remote, low-complexity, unauthenticated exploitation requiring no user interaction - the most favorable conditions for an attacker. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker sends a crafted HTTP POST request to the application's login endpoint, supplying a manipulated 'role' argument (for example, 'admin') to the sign_auth_cookie function in Login.php. The function generates and returns an authentication cookie embedding the attacker-supplied role without server-side validation. …
Remediation No vendor-released patch is available at time of analysis - the project has not responded to the responsible disclosure submitted via GitHub issue #24. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-49952 CRITICAL POC
9.3 Jun 15

Authentication bypass in Discuz! X5.0 releases 20260320 through 20260501 allows unauthenticated remote attackers to acce
CVE-2026-49954 HIGH POC
8.6 Jun 15

Authenticated remote code execution in Discuz! X5.0 releases 20260320 through 20260501 allows administrators to chain a

CVE-2026-49768 CRITICAL
9.8 Jun 15

Unauthenticated PHP Object Injection in the Happyforms WordPress plugin (versions <= 1.26.13) allows remote attackers to
CVE-2026-27053 CRITICAL
9.8 Jun 15

Unauthenticated PHP Object Injection in the Broadcast Live Video WordPress plugin (versions prior to 7.1.3) allows remot
CVE-2026-49104 CRITICAL
9.8 Jun 15

Unauthenticated PHP object injection in the WordPress plugin 'Integration for Keap/Infusionsoft and Contact Form 7, WPFo

Share

EUVD-2026-33487 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy