CVE-2026-10167 | OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6 MY_Controller Login.php sign_auth_cookie role improper authentication

A vulnerability was found in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6 and classified as critical. This impacts the function sign_auth_cookie of the file application/controllers/Login.php of the component MY_Controller. Executing a manipulation of the argument role can lead to improper authentication.

This vulnerability is registered as CVE-2026-10167. It is possible to launch the attack remotely. Furthermore, an exploit is available.

This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More