CVE-2026-9483 - Vulnerability Details

- SourceCodester Student Grades Management System grades.php improper authorization

Description

A vulnerability was found in SourceCodester Student Grades Management System 1.0. Affected is an unknown function of the file grades.php. Performing a manipulation of the argument student_id results in improper authorization. The attack may be initiated remotely. The exploit has been made public and could be used.

Published: 2026-05-25

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in the grades.php file of the Student Grades Management System permits an attacker to manipulate the student_id argument, bypassing normal authorization checks. This can allow unauthenticated users to view or modify grades that do not belong to them, leading to a breach of confidentiality and potential integrity violations of student data.

Affected Systems

The vulnerability affects SourceCodester Student Grades Management System version 1.0. The weakness resides in grades.php, which handles grading information for individual students.

Risk and Exploitability

With a CVSS score of 5.3, the risk is moderate. The EPSS score is currently unavailable, but the vulnerability is publicly documented and can be exploited remotely by sending crafted requests that alter the student_id parameter. Since the vulnerability is not listed in the CISA KEV catalog, no immediate high‑profile exploitation events have been reported yet, yet the public nature of the exploit means it is feasible for adversaries to use it against vulnerable installations.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

SourceCodester

Student Grades Management System

affected

Version	Status	Constraints
`1.0`	affected	—

No data.

Vendor Product Confidence Versions

Sourcecodester

Student Grades Management System

100%

Version	Status	Scheme	Platform
`1.0`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest patch or update released by SourceCodester for the Student Grades Management System.
Ensure that grades.php and related endpoints require authentic session tokens and reject any request without a valid logged‑in user state.
Validate the student_id parameter strictly, checking it against the authenticated user's authorized student record list and rejecting out‑of‑range or unauthorized values.

Generated by OpenCVE AI on May 25, 2026 at 20:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.0004.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/Jack-MRJ/Student-Grades-Management-System-Vulnerability-Report
https://vuldb.com/submit/814037
https://vuldb.com/vuln/365464
https://vuldb.com/vuln/365464/cti
https://www.sourcecodester.com/

History

Tue, 26 May 2026 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 25 May 2026 19:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was found in SourceCodester Student Grades Management System 1.0. Affected is an unknown function of the file grades.php. Performing a manipulation of the argument student_id results in improper authorization. The attack may be initiated remotely. The exploit has been made public and could be used.
Title		SourceCodester Student Grades Management System grades.php improper authorization
First Time appeared		Sourcecodester Sourcecodester student Grades Management System
Weaknesses		CWE-266 CWE-285
CPEs		cpe:2.3:a:sourcecodester:student_grades_management_system::::::::
Vendors & Products		Sourcecodester Sourcecodester student Grades Management System
References		https://github.com/Jack-MRJ/Student-Grades-Management-System-Vulnerability-Report https://vuldb.com/submit/814037 https://vuldb.com/vuln/365464 https://vuldb.com/vuln/365464/cti https://www.sourcecodester.com/
Metrics		cvssV2_0 `{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Sourcecodester Student Grades Management System

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-05-25T18:45:11.976Z

Updated: 2026-05-26T13:02:07.124Z

Reserved: 2026-05-24T09:26:18.951Z

Link: CVE-2026-9483

Vulnrichment

Updated: 2026-05-26T13:02:01.588Z

NVD

Status : Deferred

Published: 2026-05-25T19:16:37.337

Modified: 2026-05-26T19:37:00.120

Link: CVE-2026-9483

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-25T20:30:26Z

Weaknesses

CWE-266
Incorrect Privilege Assignment
CWE-285
Improper Authorization

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object