Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
SourceCodester Student Result Management System: Remote Access Risk
CVE-2026-2938
Summary
An open-source student management system has a security flaw that allows hackers to access the system remotely. If exploited, this could lead to unauthorized access to sensitive data or system settings. Update the software to the latest version or replace it with a secure alternative to prevent this risk.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| munyweki | student_result_management_system | 1.0 | – |
Original title
A vulnerability has been found in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/script/admin/core/update_smtp.php. The manipulat...
Original description
A vulnerability has been found in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/script/admin/core/update_smtp.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
nvd CVSS2.0
7.5
nvd CVSS3.1
7.3
nvd CVSS4.0
6.9
Vulnerability type
CWE-266
Incorrect Privilege Assignment
CWE-284
Improper Access Control
- https://github.com/Shaon-Xis/SRMS-1.0---Unauthenticated-SMTP-Hijacking-to-Accoun... Exploit Third Party Advisory
- https://vuldb.com/?ctiid.347310 Permissions Required VDB Entry
- https://vuldb.com/?id.347310 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.755345 Third Party Advisory VDB Entry
- https://www.sourcecodester.com/ Product
Published: 22 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026