PatchSiren

tittuvarghese CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW tittuvarghese CVE published 2026-06-05

CVE-2026-11336

CVE-2026-11336 is an improper authorization vulnerability in the College Management System. It affects an unknown function in the file dashboard_page/admin_page.php of the Admin Interface component. Manipulating the argument UserAuthData leads to improper authorization. The attack may be initiated remotely.

LOW tittuvarghese CVE published 2026-06-05

CVE-2026-11335

A session fixation vulnerability was found in the College Management System. This issue affects the session_start function in the /login-form.php file, allowing an attacker to manipulate the UserAuthData argument. The attack can be launched remotely. The product does not use versioning, making it difficult to determine affected and unaffected releases.

MEDIUM tittuvarghese CVE published 2026-06-05

CVE-2026-11334

A SQL injection vulnerability was detected in the College Management System, specifically in the `dashboard_page/forms/fetch.php` file. The vulnerability is caused by a manipulation of the `department_code` argument, which allows for remote exploitation. The exploit is now public and may be used. The product uses continuous delivery with rolling releases, so no version details of affected or updated relea [truncated]

LOW tittuvarghese CVE published 2026-06-05

CVE-2026-11333

CVE-2026-11333 is a security vulnerability detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. It affects an unknown function in the file dashboard_page/forms/upload_student_data.php of the Student Data Upload Endpoint component. Manipulating the argument Student-Data-CSV leads to unrestricted upload. It [truncated]