CVE-2026-5669

A vulnerability has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This vulnerability affects unknown code of the file /login.php of the component Parameter Handler. Such manipulation of the argument Password leads to sql injection. It is possibl...

CVE-2026-5642

A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown function of the file /viva/update.php of the component HTTP POST Request Handler. This manipulation of the argument Name causes improper authorization. It ...

CVE-2026-5671

A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Impacted is an unknown function of the file /admin/class%20schedule/deletebatch.php of the component Class Schedule Deletion Endpoint. Executing a manipulation of the argument bat...

CVE-2026-5670

Cyber-III Student-Management-System (up to commit 1a938fa61e9f735078e9b291d2e6215b4942af3f) contains a vulnerability in move_uploaded_file within /AssignmentSection/submission/upload.php. Manipulating the File argument permits unrestricted file upload, with remote initiation and public exploitati...

CVE-2026-5642

Cyber-III Student-Management-System is affected up to commit 1a938fa61e9f735078e9b291d2e6215b4942af3f. The vulnerability lies in the HTTP POST Request Handler for /viva/update.php where manipulating the argument Name causes improper authorization. It can be initiated remotely and an exploit has b...

PT-2026-30593

A vulnerability was identified in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This impacts an unknown function of the file /admin/Add%20notice/notice.php of the component Admin Add Endpoint. Such manipulation of the argument $ SERVER'PHP SELF' leads to cros...

PT-2026-30594

A security flaw has been discovered in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Affected is an unknown function of the file /admin/Add%20notice/batch-notice.php. Performing a manipulation of the argument $ SERVER'PHP SELF' results in cross site scripting...

PT-2026-30679

Name of the Vulnerable Software and Affected Versions Cyber-III Student-Management-System versions up to 1a938fa61e9f735078e9b291d2e6215b4942af3f Description A SQL injection issue exists in the Parameter Handler component of Cyber-III Student-Management-System. The vulnerability is located in the...

PT-2026-30591

A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown function of the file /viva/update.php of the component HTTP POST Request Handler. This manipulation of the argument Name causes improper authorization. It ...

PT-2026-30689

Name of the Vulnerable Software and Affected Versions Cyber-III Student-Management-System affected versions not specified Description A cross-site scripting issue exists due to manipulation of the batch argument in the Class Schedule Deletion Endpoint, specifically within the file...