Pr0X1Ma

**Name of the Vulnerable Software and Affected Versions** Kushan2k student-management-system versions up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a **Description** Improper authorization occurs in the Profile Update Endpoint within the `edit-admin` function of the `controllers/AdminController.php` file. Manipulation of the `isadmin` argument allows for remote exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.