### Key Information - **Vulnerability ID**: CVE-2026-2983, VDB-347366, GCVE-100-347366 - **System**: SourceCodester Student Result Management System 1.0 - **File Path**: /admin/core/import_users.php - **Component**: Bulk Import - **Vulnerability Type**: File Access Control - **CVSS Meta Temp Score**: 6.6 - **Current Exploit Price**: $0-$5k - **CTI Interest Score**: 3.40 - **CVE**: CVE-2026-2983 ### Vulnerability Description This vulnerability is described as "critical" and exists in an unknown function within the `/admin/core/import_users.php` file of SourceCodester Student Result Management System 1.0, affecting the Bulk Import component. Manipulation of the `File` parameter can lead to an access control vulnerability. The attack can be executed remotely, and tools to exploit this vulnerability are already available. ### Vulnerability Details This vulnerability is classified as critical and affects an unknown code block in the `/admin/core/import_users.php` file, which belongs to the Bulk Import component. Manipulating the `file` parameter with unknown input leads to an access control vulnerability. The CWE classification for this issue is CWE-284. The product fails to properly select or restrict access to resources by unauthorized users, impacting confidentiality, integrity, and availability. The advisory is available at github.com. This vulnerability is assigned CVE-2026-2983. The vulnerability is known to be easily exploitable, can be initiated remotely, and can be exploited without authentication. Technical details and publicly available tools for exploiting this vulnerability have been disclosed. This vulnerability belongs to T1068 in the MITRE ATT&CK project.