CVE-2026-10619— sayan365 student-management-system improper authentication
Possible ATT&CK Techniques 1AI
T1110 · Brute ForceGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-10619
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
sayan365 student-management-system improper authentication
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was detected in sayan365 student-management-system up to 7f3c9ce7d410332335c2affac93a385485051800. This impacts an unknown function. The manipulation results in improper authentication. The attack can be executed remotely. The exploit is now public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. Multiple endpoints are affected. The project was informed of the problem early through an issue report but has not responded yet.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| sayan365 | student-management-system | n/a | cpe:2.3:a:sayan365:student-management-system:*:*:*:*:*:*:*:* |
II. Public POCs for CVE-2026-10619
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 7654 chars
Pro+ exclusive includes:
Vulnerability reproduction recording (real sandbox build + trigger, exclusive)
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-10619
请登录查看更多情报信息。
Proof of Concept for CVE-2026-10619 (2)
Other References for CVE-2026-10619 (1)
IV. Related Vulnerabilities
Same product: student-management-system
- CVE-2026-10272
a4m4 Student-Management-System deleteform.php improper autho - CVE-2026-10271
a4m4 Student-Management-System Admin Endpoint admin redirect - CVE-2026-10112
sambitraj STUDENT-MANAGEMENT-SYSTEM Dashboard cross site scr - CVE-2026-10111
sambitraj STUDENT-MANAGEMENT-SYSTEM Login Page sql injection - CVE-2026-9562
sambitraj STUDENT-MANAGEMENT-SYSTEM Dashboard access control
Same weakness: CWE-287
- CVE-2026-45289
CloudburstMC Protocol: Partially missing validation for FULL - CVE-2026-49448
authentik: SourceStage bypass via empty POST - CVE-2026-49443
authentik: `UserSourceConnection.user` and `GroupSourceConne - CVE-2026-5076
ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanis - CVE-2026-10611
OTP bypass via plugin-based LDAP authentication in MISP when
V. Comments for CVE-2026-10619
No comments yet