CVE-2026-2983 PUBLISHED

A vulnerability was determined in SourceCodester Student Result Management System 1.0. The impacted element is an unknown function of the file /admin/core/import_users.php of the component Bulk Import. This manipulation of the argument File causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

• yan1451 (VulDB User) reporter

• VDB-347366 | SourceCodester Student Result Management System Bulk Import import_users.php access control
• VDB-347366 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #756135 | SourceCodester Student Result Management System 1.0 1.0 Improper Access Controls
• https://github.com/Shaon-Xis/SRMS-1.0---Unauthenticated-SMTP-Hijacking-to-Account-Takeover#-vulnerability-2-unauthenticated-bulk-account-injection-arbitrary-file-upload
• https://www.sourcecodester.com/

• Improper Access Controls CWE
• Incorrect Privilege Assignment CWE