MEDIUM
a4m4
CVE published 2026-06-01
CVE-2026-10272
A vulnerability in a4m4 Student-Management-System up to commit f0c5f6842c5e8c431ff02b5260a565ca844df3a0 allows improper authorization via the sid parameter in admin/deleteform.php. The attack can be launched remotely and the exploit has been publicly disclosed. The project uses rolling releases and has not yet responded to the issue report.