Description
A security flaw has been discovered in SourceCodester Student Grades Management System 1.0. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Published: 2026-05-25
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw was discovered in SourceCodester Student Grades Management System 1.0 that allows an attacker to perform a cross‑site request forgery. The flaw lets a victim’s authenticated session be made to execute unintended state‑changing or data‑retrieval actions, potentially leading to unauthorized modification of grades or disclosure of sensitive information. The vulnerability is classified as CWE‑352 and is compounded by missing authorization checks on the affected functionality (CWE‑862).

Affected Systems

The only affected product listed is SourceCodester Student Grades Management System version 1.0. The specific module or feature affected is not named, but the issue resides within the core application code of this release.

Risk and Exploitability

The CVSS base score of 5.3 indicates moderate severity. EPSS data is not available, so the exploitation probability cannot be precisely quantified. The vulnerability is not in the CISA KEV catalog, but a public exploit has been released and it can be triggered remotely through a web browser. Exploitation is therefore inferred to require a victim with an authenticated session who is induced to load a crafted request from an attacker‑controlled web page.

Generated by OpenCVE AI on May 25, 2026 at 20:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched version of SourceCodester Student Grades Management System if available
  • Add a cryptographically‑secure CSRF token to all state‑changing requests and validate it on the server
  • Require authentication on all sensitive actions and ensure that the session identifier is bound to the user’s IP address or user agent
  • For environments where a patch is not yet available, disable or restrict external access to the administrative interface and monitor logs for abnormal POST activity

Tracking


Advisories

No advisories yet.

History

Tue, 26 May 2026 13:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 25 May 2026 19:45:00 +0000

Values Removed: (none)

Values Added:

Description: A security flaw has been discovered in SourceCodester Student Grades Management System 1.0. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

Title: SourceCodester Student Grades Management System cross-site request forgery

First Time appeared: Sourcecodester; Sourcecodester student Grades Management System

Weaknesses: CWE-352; CWE-862

CPEs: cpe:2.3:a:sourcecodester:student_grades_management_system:*:*:*:*:*:*:*:*

Vendors & Products: Sourcecodester; Sourcecodester student Grades Management System

References: (none)

Metrics:

cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-26T12:50:35.979Z

Reserved: 2026-05-24T09:26:32.498Z

Link: CVE-2026-9486

Vulnrichment

Updated: 2026-05-26T12:50:30.343Z

NVD

Status: Deferred

Published: 2026-05-25T20:16:37.980

Modified: 2026-05-26T19:37:00.120

Link: CVE-2026-9486

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-25T21:00:10Z

Weaknesses
  • CWE-352: Cross-Site Request Forgery (CSRF)
  • CWE-862: Missing Authorization