PatchSiren cyber security CVE debrief
CVE-2026-11532 imvks786 CVE debrief
A weakness has been identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. The issue affects an unknown function of the file /add.php of the component Student Record Handler. This weakness can lead to improper access controls and can be exploited remotely. The exploit has been made publicly available and could be used for attacks. The product uses a rolling release system for continuous delivery, and version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.
- Vendor
- imvks786
- Product
- student_management_system
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-09
Who should care
Users of imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46 should be aware of this weakness and take appropriate actions to mitigate the risk.
Technical summary
The weakness is caused by improper access controls in the /add.php file of the Student Record Handler component. This can be exploited remotely, and a public exploit is available.
Defensive priority
LOW
Recommended defensive actions
- Apply patches or updates as soon as they are available.
- Restrict access to the /add.php file of the Student Record Handler component.
- Monitor the system for suspicious activity.
Evidence notes
The CVE-2026-11532 weakness has a CVSS score of 2.1 and is classified as LOW severity. The weakness was published on 2026-06-08T17:16:40.363Z and modified on 2026-06-09T01:34:33.987Z.
Official resources
CVE-2026-11532 was published on 2026-06-08T17:16:40.363Z and modified on 2026-06-09T01:34:33.987Z.