CVE-2026-9484
Improper Authorization in Student Grades Management System 1.0
Publication date: 2026-05-25
Last updated on: 2026-05-25
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sourcecodester | student_grades_management_system | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the SourceCodester Student Grades Management System 1.0, specifically in the functions getClassroomStudents and removeStudentFromClassroom within the classroom.php file.
By manipulating the argument classroom_id, an attacker can bypass proper authorization controls.
This means that unauthorized users may be able to access or modify classroom student data without permission.
The attack can be performed remotely and the exploit has been publicly disclosed.
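One way to enforce the missing object-level check before either function touches data, shown as an added example and not the project's own classroom.php code. Only the two function names and `classroom_id` come from the advisory; the table layout, the rule that a teacher owns a classroom, and the `requireClassroomOwner` helper are assumptions.

```php
<?php
declare(strict_types=1);
// Added example. Schema, ownership rule and helper names are assumptions,
// not taken from the project's classroom.php.

function db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed sample data: teacher 1 owns classroom 10, teacher 2 owns 20.
    $pdo->exec('CREATE TABLE classrooms (id INTEGER PRIMARY KEY, teacher_id INTEGER)');
    $pdo->exec('CREATE TABLE classroom_students (classroom_id INTEGER, student_id INTEGER)');
    $pdo->exec('INSERT INTO classrooms VALUES (10, 1), (20, 2)');
    $pdo->exec('INSERT INTO classroom_students VALUES (10, 100), (20, 200), (20, 201)');
    return $pdo;
}

// Object-level check: the classroom must belong to the authenticated teacher.
function requireClassroomOwner(PDO $pdo, int $teacherId, int $classroomId): void {
    $q = $pdo->prepare('SELECT 1 FROM classrooms WHERE id = ? AND teacher_id = ?');
    $q->execute([$classroomId, $teacherId]);
    if ($q->fetchColumn() === false) {
        throw new RuntimeException('Forbidden', 403);
    }
}

function getClassroomStudents(PDO $pdo, int $teacherId, int $classroomId): array {
    requireClassroomOwner($pdo, $teacherId, $classroomId);
    $q = $pdo->prepare('SELECT student_id FROM classroom_students WHERE classroom_id = ?');
    $q->execute([$classroomId]);
    return $q->fetchAll(PDO::FETCH_COLUMN);
}

function removeStudentFromClassroom(PDO $pdo, int $teacherId, int $classroomId, int $studentId): int {
    requireClassroomOwner($pdo, $teacherId, $classroomId);
    $q = $pdo->prepare('DELETE FROM classroom_students WHERE classroom_id = ? AND student_id = ?');
    $q->execute([$classroomId, $studentId]);
    return $q->rowCount();
}

$pdo = db();
$teacherId = 1; // taken from the server-side session, never from the request
foreach ([10, 20] as $classroomId) { // 20 stands in for a tampered classroom_id
    try {
        $n = count(getClassroomStudents($pdo, $teacherId, $classroomId));
        echo "classroom $classroomId: $n student(s)\n";
    } catch (RuntimeException $e) {
        echo "classroom $classroomId: denied ({$e->getCode()})\n";
    }
}
```

The caller identity is passed in from server-side session state, so changing `classroom_id` in the request cannot widen what the query returns or deletes.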
How can this vulnerability impact me?
This vulnerability can lead to unauthorized access or modification of student classroom data.
An attacker exploiting this flaw could potentially view or remove students from classrooms without proper authorization.
Such unauthorized actions could compromise the integrity and confidentiality of student records.
Since the exploit can be launched remotely, it increases the risk of external attackers causing harm.