CVE Catalog

CVE-2026-14608

MediumCVSS 4.3
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

13th percentile — higher than 13% of all known CVEs

Summary

A security vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0, allowing authorization bypass. The issue is in the /index.php?action=view_student file, where manipulation of the ID argument leads to unauthorized access.

Risk Assessment

An attacker can remotely access student data without proper authorization, potentially leading to data leakage and compromise of the grading system's integrity.

Recommendation

Update the system to the latest version or apply a security patch immediately. Until then, restrict access to /index.php?action=view_student and implement server-side validation of the ID argument.

Original NVD description (English source)

A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=view_student of the component POST Handler. The manipulation of the argument ID leads to authorization bypass. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS