CVE-2026-11333

Description

A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unknown function of the file dashboard_page/forms/upload_student_data.php of the component Student Data Upload Endpoint. Such manipulation of the argument Student-Data-CSV leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

PUBLISHED Reserved 2026-06-05 | Published 2026-06-05 | Updated 2026-06-09 | Assigner VulDB

Problem types

Unrestricted Upload

Improper Access Controls

Product status

Timeline

Credits

Sw0rd (VulDB User) reporter

VulDB CNA Team coordinator

References

vuldb.com/vuln/368871 (VDB-368871 | tittuvarghese CollegeManagementSystem Student Data Upload Endpoint upload_student_data.php unrestricted upload) vdb-entry technical-description

vuldb.com/vuln/368871/cti (VDB-368871 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/cve/CVE-2026-11333 (CVE-2026-11333 | CVE Analysis and Report) third-party-advisory

vuldb.com/submit/832530 (Submit #832530 | tittuvarghese CollegeManagementSystem 1.0 Unrestricted File Upload Leading) third-party-advisory

github.com/tittuvarghese/CollegeManagementSystem/issues/2 exploit issue-tracking

github.com/tittuvarghese/CollegeManagementSystem/ product

cve.org (CVE-2026-11333)

nvd.nist.gov (CVE-2026-11333)

Download JSON