CVE-2026-11335

tittuvarghese CollegeManagementSystem login-form.php session_start session fixiation

CVSS 5.3 MEDIUMEPSS 0.2%CWE-384

Vexday Risk Score

33Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 5.3EPSS 0.2%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

05 Jun 2026Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function session_start of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiation. The attack can be launched remotely. The exploit has been published and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Affected products

tittuvarghese · CollegeManagementSystem

public PoCs found — 1

cve_referencegithub.com/tittuvarghese/CollegeManagementSystem/issues/4unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/tittuvarghese/CollegeManagementSystem/https://github.com/tittuvarghese/CollegeManagementSystem/issues/4 https://vuldb.com/cve/CVE-2026-11335 https://vuldb.com/submit/832564 https://vuldb.com/vuln/368873 https://vuldb.com/vuln/368873/cti