PatchSiren cyber security CVE debrief
CVE-2026-11335 tittuvarghese CVE debrief
A session fixation vulnerability was found in the College Management System. This issue affects the session_start function in the /login-form.php file, allowing an attacker to manipulate the UserAuthData argument. The attack can be launched remotely. The product does not use versioning, making it difficult to determine affected and unaffected releases.
- Vendor
- tittuvarghese
- Product
- CollegeManagementSystem
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-05
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-05
- Advisory updated
- 2026-06-05
Who should care
Administrators and users of the College Management System should be aware of this vulnerability and take necessary precautions to mitigate the risk.
Technical summary
The vulnerability has a CVSS score of 2.1 and a severity of LOW. It is classified under CWE-384. The attack vector is AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
LOW
Recommended defensive actions
- Apply patches or updates as soon as they are available.
- Use secure coding practices to prevent similar vulnerabilities.
Evidence notes
The vulnerability was reported to the project early through an issue report, but the project has not responded yet.
Official resources
CVE-2026-11335 was published on 2026-06-05T15:16:51.540Z and modified on 2026-06-05T16:04:48.437Z.