EUVD-2026-35005

🗓️ 08 Jun 2026 01:00:11Reported by EUVDType

Security flaw in Kushan2k student management system allows remote unrestricted upload via manipulated stimg in RegisterService.

Reporter	Title	Published	Views	Family All 5
ATTACKERKB	CVE-2026-11474	8 Jun 202601:00	–	attackerkb
CVE	CVE-2026-11474	8 Jun 202601:00	–	cve
Cvelist	CVE-2026-11474 Kushan2k student-management-system Registration Endpoint RegisterService.php unrestricted upload	8 Jun 202601:00	–	cvelist
NVD	CVE-2026-11474	8 Jun 202601:16	–	nvd
Positive Technologies	PT-2026-47206	8 Jun 202600:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "11e2c7f5-c05c-3ef9-a1b8-adf2bf28180d",
        "vendor": {
          "name": "Kushan2k"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "ce262675-c87f-3dfa-ac1a-0c7d998f6eca",
        "product": {
          "name": "Student-Management-System",
          "vendor": {
            "name": "Cyber-III"
          }
        },
        "product_version": "f16a4ceaddd6729c4b306ed4641cda3176c1ef2a"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/vuln/369094
vuldb	www.vuldb.com/vuln/369094/cti
vuldb	www.vuldb.com/cve/CVE-2026-11474
vuldb	www.vuldb.com/submit/833933
github	www.github.com/Kushan2k/student-management-system/issues/1
github	www.github.com/Kushan2k/student-management-system/

08 Jun 2026 01:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 46.9

CVSS 3.17.3

CVSS 27.5

CVSS 37.3