In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges.
https://github.com/ciph0x01/Simple-Exam-Reviewer-Management-System-CVE/blob/main/CVE-2022-42197.md