A LOW-severity vulnerability (CVSS 4.0: 2.1) in the OUSL-GROUP-BrinaryBrains School Student Management System affects the `marks` function within `application/controllers/Parents.php`. The flaw stems from improper control of resource identifiers (CWE-99) via manipulation of the `param1` argument, permitting remote attackers to access or modify resources without proper authorization. The project uses conti [truncated]
MEDIUMOUSL-GROUP-BrinaryBrainsCVE published 2026-05-31
A medium-severity improper authentication vulnerability (CWE-287) affects OUSL-GROUP-BrinaryBrains School Student Management System up to commit 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. The vulnerability resides in the `sign_auth_cookie` function within `application/controllers/Login.php` of the `MY_Controller` component. An attacker can remotely manipulate the `role` argument to bypass authentication co [truncated]
