Weak Password Recovery Vulnerability in OUSL-GROUP-BrinaryBrains School Student Management System
CVE-2026-10169

6.3MEDIUM

Key Information:

Vendor

Ousl-group-brinarybrains

Status
School Student Management System
Vendor
CVE Published:
31 May 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2026-10169?

A vulnerability exists in the Forgot Password Endpoint of the OUSL-GROUP-BrinaryBrains School Student Management System, specifically affecting the ajax_forgot_password function in the Login.php file. This vulnerability can lead to weak password recovery mechanisms, which may allow attackers to exploit the system remotely. Exploiting this issue is characterized by high complexity, making it less straightforward to execute. Although the vulnerability has been made public, the project maintainers have yet to respond to the initial report regarding this security concern.

Affected Version(s)

School Student Management System 1e70e5ad1125b86dca4ee086eb6bb121f17708b6

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-10169 - Proof of Concept

References

https://vuldb.com/vuln/367423
vdb-entrytechnical-description
https://vuldb.com/vuln/367423/cti
signaturepermissions-required
https://vuldb.com/submit/819395
third-party-advisory

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

seventeenss (VulDB User)
VulDB CNA Team
.