CVE-2026-10169— OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.php ajax_forgot_password password recovery
Affected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| OUSL-GROUP-BrinaryBrains | School Student Management System | 1e70e5ad1125b86dca4ee086eb6bb121f17708b6 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-10169
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.php ajax_forgot_password password recovery
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajax_forgot_password of the file application/controllers/Login.php of the component Forgot Password Endpoint. The manipulation of the argument email results in weak password recovery. The attack can be launched remotely. This attack is characterized by high complexity. The exploitation appears to be difficult. The exploit is now public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
忘记口令恢复机制弱
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| OUSL-GROUP-BrinaryBrains | School Student Management System | 1e70e5ad1125b86dca4ee086eb6bb121f17708b6 | cpe:2.3:a:ousl-group-brinarybrains:school_student_management_system:*:*:*:*:*:*:*:* |
II. Public POCs for CVE-2026-10169
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-10169
请登录查看更多情报信息。
News Coverage for CVE-2026-10169 (1)
Same Patch Batch · OUSL-GROUP-BrinaryBrains · 2026-05-31 · 3 CVEs total
| CVE-2026-10167 | 7.3 HIGH | OUSL-GROUP-BrinaryBrains School Student Management System MY_Controller Login.php sign_aut |
| CVE-2026-10168 | 6.3 MEDIUM | OUSL-GROUP-BrinaryBrains School Student Management System Parents.php marks resource injec |
IV. Related Vulnerabilities
Same weakness: CWE-640
- CVE-2026-7459
Simple History – Track, Log, and Audit WordPress Changes <= - CVE-2026-35676
phpMyFAQ - Unauthenticated Password Reset via User Password - CVE-2026-9609
QianFox FoxCMS Admin.php edit password recovery - CVE-2026-9466
Tiandy Easy7 Integrated Management Platform API Endpoint upd - CVE-2026-42606
AzuraCast: Password Reset Poisoning via Untrusted X-Forwarde
V. Comments for CVE-2026-10169
No comments yet