CVE-2026-9484: Improper Authorization in SourceCodester Student Grades Management System
CVE-2026-9484 is a medium severity vulnerability in SourceCodester Student Grades Management System 1.0. It involves improper authorization in the classroom.php file, specifically in the getClassroomStudents and removeStudentFromClassroom functions. An attacker can manipulate the classroom_id argument remotely to bypass authorization controls. The vulnerability has been publicly disclosed, but no official patch or remediation guidance is currently available.
AI Analysis
Technical Summary
This vulnerability affects SourceCodester Student Grades Management System version 1.0. The issue lies in improper authorization checks within the getClassroomStudents and removeStudentFromClassroom functions in classroom.php. By manipulating the classroom_id parameter, an attacker with limited privileges can perform unauthorized actions related to classroom student data. The vulnerability is remotely exploitable and has been publicly disclosed. No vendor advisory or patch information is provided, and the remediation level is unknown.
Potential Impact
Successful exploitation allows an attacker to bypass authorization controls and potentially access or modify classroom student data without proper permissions. This could lead to unauthorized data exposure or modification within the affected system. The CVSS 4.0 base score is 5.3, indicating a medium severity impact. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the affected application and monitor for suspicious activity related to classroom_id parameter manipulation. Avoid exposing the vulnerable functions to untrusted users where possible.
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-05-24T09:26:21.424Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a14a590a5ae1af1aae00339
Added to database: 5/25/2026, 7:40:00 PM
Last enriched: 5/25/2026, 7:55:24 PM
Last updated: 5/26/2026, 3:14:21 AM