Skip to main content

Cet Automated Grading System With Ai Predictive Analytics

3 CVEs product

Monthly

CVE-2026-14609 LOW Monitor

Session fixation in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 enables remote attackers to pre-set a known session identifier in a victim's browser, then hijack the authenticated session after the victim logs in. The CVSS 4.0 score of 2.9 reflects limited impact scope (low confidentiality, integrity, and availability) combined with high attack complexity, though a public exploit has been released (E:P). No CISA KEV listing indicates no confirmed widespread active exploitation at time of analysis.

Session Fixation Information Disclosure Cet Automated Grading System With Ai Predictive Analytics
NVD VulDB
CVSS 4.0
2.9
EPSS
0.3%
CVE-2026-12529 MEDIUM This Month

Improper access control in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 exposes the Student Self-Registration Endpoint (/index.php) to unauthenticated remote exploitation. The CWE-284 root cause, combined with the 'Authentication Bypass' tag, indicates that the self-registration flow fails to enforce intended access boundaries, potentially allowing unauthenticated users to access, manipulate, or enumerate data beyond their authorized scope. No public exploit code has been identified at time of analysis, and this vulnerability has not been added to the CISA KEV catalog.

Authentication Bypass PHP Cet Automated Grading System With Ai Predictive Analytics
NVD VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2026-12176 LOW Monitor

Cross-site scripting in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser via the unsanitized `action` parameter in `/index.php`. Publicly available exploit code exists (CVSS 4.0 E:P), and the attack requires no authentication, only that a victim interact with a crafted URL or request. No vendor-released patch has been identified at time of analysis.

PHP XSS Cet Automated Grading System With Ai Predictive Analytics
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
EPSS 0% CVSS 2.9
LOW Monitor

Session fixation in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 enables remote attackers to pre-set a known session identifier in a victim's browser, then hijack the authenticated session after the victim logs in. The CVSS 4.0 score of 2.9 reflects limited impact scope (low confidentiality, integrity, and availability) combined with high attack complexity, though a public exploit has been released (E:P). No CISA KEV listing indicates no confirmed widespread active exploitation at time of analysis.

Session Fixation Information Disclosure Cet Automated Grading System With Ai Predictive Analytics
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

Improper access control in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 exposes the Student Self-Registration Endpoint (/index.php) to unauthenticated remote exploitation. The CWE-284 root cause, combined with the 'Authentication Bypass' tag, indicates that the self-registration flow fails to enforce intended access boundaries, potentially allowing unauthenticated users to access, manipulate, or enumerate data beyond their authorized scope. No public exploit code has been identified at time of analysis, and this vulnerability has not been added to the CISA KEV catalog.

Authentication Bypass PHP Cet Automated Grading System With Ai Predictive Analytics
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Cross-site scripting in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser via the unsanitized `action` parameter in `/index.php`. Publicly available exploit code exists (CVSS 4.0 E:P), and the attack requires no authentication, only that a victim interact with a crafted URL or request. No vendor-released patch has been identified at time of analysis.

PHP XSS Cet Automated Grading System With Ai Predictive Analytics
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy