CVE-2026-10168— OUSL-GROUP-BrinaryBrains School Student Management System Parents.php marks resource injection
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| OUSL-GROUP-BrinaryBrains | School Student Management System | 1e70e5ad1125b86dca4ee086eb6bb121f17708b6 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-10168
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OUSL-GROUP-BrinaryBrains School Student Management System Parents.php marks resource injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected is the function marks of the file application/controllers/Parents.php. The manipulation of the argument param1 leads to improper control of resource identifiers. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
对资源描述符的控制不恰当(资源注入)
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| OUSL-GROUP-BrinaryBrains | School Student Management System | 1e70e5ad1125b86dca4ee086eb6bb121f17708b6 | cpe:2.3:a:ousl-group-brinarybrains:school_student_management_system:*:*:*:*:*:*:*:* |
II. Public POCs for CVE-2026-10168
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-10168
请登录查看更多情报信息。
Other References for CVE-2026-10168 (1)
Same Patch Batch · OUSL-GROUP-BrinaryBrains · 2026-05-31 · 3 CVEs total
| CVE-2026-10167 | 7.3 HIGH | OUSL-GROUP-BrinaryBrains School Student Management System MY_Controller Login.php sign_aut |
| CVE-2026-10169 | 3.7 LOW | OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.p |
IV. Related Vulnerabilities
Same weakness: CWE-99
- CVE-2026-9438
yashpokharna2555 StudentManagementSystem courseDel.php resou - CVE-2026-33603
Open-Xchange OX Dovecot Pro 安全漏洞 - CVE-2026-7303
Xuxueli xxl-job Execution Log JobLogController.java logDetai - CVE-2026-5414
Newgen OmniDocs WebApiRequestRedirection resource injection - CVE-2026-5031
BichitroGan ISP Billing Software Endpoint users-view resourc
V. Comments for CVE-2026-10168
No comments yet