CVE-2026-9484
MEDIUMSourceCodester Student Grades Management System classroom.php removeStudentFromClassroom improper authorization
Title source: cnaDescription
A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected by this vulnerability is the function getClassroomStudents/removeStudentFromClassroom of the file classroom.php. Executing a manipulation of the argument classroom_id can lead to improper authorization. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
References (7)
Core 7
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-365465 | SourceCodester Student Grades Management System classroom.php removeStudentFromClassroom improper authorization
https://vuldb.com/vuln/365465
Signature, Permissions Required signature
permissions-required
VDB-365465 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/365465/cti
Third Party Advisory third-party-advisory
Submit #814038 | SourceCodester Student Grades Management System 1.0 Improper Access Controls
https://vuldb.com/submit/814038
Third Party Advisory third-party-advisory
Submit #814039 | SourceCodester Student Grades Management System 1.0 Improper Access Controls (Duplicate)
https://vuldb.com/submit/814039
Third Party Advisory third-party-advisory
Submit #814042 | SourceCodester Student Grades Management System 1.0 Improper Access Controls (Duplicate)
https://vuldb.com/submit/814042
Product product
https://www.sourcecodester.com/
Scores
CVSS v3
6.3
EPSS
0.0027
EPSS Percentile
18.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-266
CWE-285
Status
published
Products (1)
SourceCodester/Student Grades Management System
1.0
Published
May 25, 2026
Tracked Since
May 26, 2026