CVE-2026-10167: Improper Authentication in OUSL-GROUP-BrinaryBrains School Student Management System
A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function sign_auth_cookie of the file application/controllers/Login.php of the component MY_Controller. Executing a manipulation of the argument role can lead to improper authentication. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
AI Analysis
Technical Summary
This vulnerability exists in the sign_auth_cookie function of the MY_Controller component within the Login.php file of the OUSL-GROUP-BrinaryBrains School Student Management System. An attacker can remotely manipulate the 'role' parameter to bypass authentication controls, leading to improper authentication. The product uses rolling releases, so specific affected or fixed versions are not identified. The issue was reported early to the project, but no official fix or response has been published. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges or user interaction required, with low to low impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation allows an attacker to bypass authentication mechanisms remotely by manipulating the 'role' argument, potentially granting unauthorized access to the system. This could lead to unauthorized actions within the School Student Management System. However, the impact is rated medium, reflecting limited but significant risk. No known active exploitation in the wild has been reported.
Mitigation Recommendations
No official patch or remediation is currently available from the vendor. Since the vendor has not responded and no fixed versions are published, users should monitor the vendor's channels for updates. In the meantime, restricting access to the affected system and implementing additional authentication controls externally may reduce risk. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
CVE-2026-10167: Improper Authentication in OUSL-GROUP-BrinaryBrains School Student Management System
Description
A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function sign_auth_cookie of the file application/controllers/Login.php of the component MY_Controller. Executing a manipulation of the argument role can lead to improper authentication. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
CVSS v4.0
Score 6.9medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability exists in the sign_auth_cookie function of the MY_Controller component within the Login.php file of the OUSL-GROUP-BrinaryBrains School Student Management System. An attacker can remotely manipulate the 'role' parameter to bypass authentication controls, leading to improper authentication. The product uses rolling releases, so specific affected or fixed versions are not identified. The issue was reported early to the project, but no official fix or response has been published. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges or user interaction required, with low to low impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation allows an attacker to bypass authentication mechanisms remotely by manipulating the 'role' argument, potentially granting unauthorized access to the system. This could lead to unauthorized actions within the School Student Management System. However, the impact is rated medium, reflecting limited but significant risk. No known active exploitation in the wild has been reported.
Mitigation Recommendations
No official patch or remediation is currently available from the vendor. Since the vendor has not responded and no fixed versions are published, users should monitor the vendor's channels for updates. In the meantime, restricting access to the affected system and implementing additional authentication controls externally may reduce risk. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-30T09:31:01.086Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a1c914fe29bf47b50554549
Added to database: 5/31/2026, 7:51:43 PM
Last enriched: 5/31/2026, 8:03:51 PM
Last updated: 6/2/2026, 4:49:16 AM
Views: 17
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.