CVE-2026-47325
Description
ProjectsAndPrograms school-management-system uses predictable passwords based on birth dates, allowing unauthorized access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ProjectsAndPrograms school-management-system uses predictable passwords based on birth dates, allowing unauthorized access.
Vulnerability
The ProjectsAndPrograms school-management-system application generates user passwords solely from the user's date of birth, such as 12072000 for July 12, 2000. The application does not enforce a password change upon first login. The version corresponding to commit 6b6fae5 was confirmed vulnerable; other versions may also be affected [1].
Exploitation
An attacker can exploit this vulnerability by guessing or deriving valid user credentials based on their date of birth. No specific network position, authentication, or user interaction is required beyond obtaining or guessing a user's date of birth.
Impact
Successful exploitation allows an attacker to gain unauthorized access to user accounts, potentially leading to the disclosure of sensitive information or further compromise of the system, depending on the privileges of the accessed account.
Mitigation
No patched version or specific mitigation details have been disclosed in the available references. The maintainers were notified of this vulnerability but have not yet provided a fix. The affected version is 6b6fae5 [1].
AI Insight generated on Jun 3, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3(expand)+ 1 more
- (no CPE)
- (no CPE)range: before commit 6b6fae5
- Range: before commit 6b6fae5
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
2News mentions
0No linked articles in our index yet.