SourceCodester Student Grades Management System classroom.php removeStudentFromClassroom improper authorization
Description
A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected by this vulnerability is the function getClassroomStudents/removeStudentFromClassroom of the file classroom.php. Executing a manipulation of the argument classroom_id can lead to improper authorization. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper authorization in SourceCodester Student Grades Management System 1.0 allows remote attackers to manipulate classroom data via the classroom_id parameter in classroom.php.
Vulnerability
In SourceCodester Student Grades Management System version 1.0, the functions getClassroomStudents and removeStudentFromClassroom in classroom.php fail to properly verify authorization when processing the classroom_id argument. An attacker can manipulate this parameter to access or modify classroom records without proper privileges. The vulnerability is present in the publicly available source code [1].
Exploitation
An attacker can exploit this vulnerability remotely without authentication. By sending crafted HTTP requests to classroom.php with a manipulated classroom_id parameter, the attacker can invoke the affected functions. The exploit has been publicly disclosed and may be utilized [2].
Impact
Successful exploitation leads to unauthorized access to classroom student lists and the ability to remove students from classrooms, potentially compromising the integrity and confidentiality of student grade management data.
Mitigation
As of the publication date, no official patch has been released by SourceCodester. Users should consider implementing input validation and authorization checks on the classroom_id parameter. The vendor has not announced a fixed version. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
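The authorization and input checks suggested above, sketched as an added example; it is not SourceCodester's code and does not come from the referenced advisories. The table and column names, the function signatures and the assumption that the caller's teacher id is taken from an authenticated server-side session are all hypothetical.

```php
<?php
// Added illustration, not SourceCodester's code. Schema, column names and the
// session-derived $teacherId are assumptions; all data below is constructed.
declare(strict_types=1);

function teacherOwnsClassroom(PDO $db, int $teacherId, int $classroomId): bool
{
    $q = $db->prepare('SELECT 1 FROM classrooms WHERE id = ? AND teacher_id = ?');
    $q->execute([$classroomId, $teacherId]);
    return $q->fetchColumn() !== false;
}

// Hardened variant: the caller's identity comes from the server-side session,
// never from the request, and is checked before any row is touched.
function removeStudentFromClassroom(PDO $db, int $teacherId, $classroomId, $studentId): bool
{
    // Input validation: accept only positive integers for both identifiers.
    $cid = filter_var($classroomId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $sid = filter_var($studentId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($cid === false || $sid === false) {
        return false;
    }
    // Authorization: the classroom must belong to the authenticated teacher.
    if (!teacherOwnsClassroom($db, $teacherId, $cid)) {
        return false; // a real handler would answer 403 and log the attempt
    }
    $del = $db->prepare('DELETE FROM classroom_students WHERE classroom_id = ? AND student_id = ?');
    $del->execute([$cid, $sid]);
    return $del->rowCount() === 1;
}

// Constructed in-memory data: teacher 1 owns classroom 10, teacher 2 owns 20.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE classrooms (id INTEGER PRIMARY KEY, teacher_id INTEGER)');
$db->exec('CREATE TABLE classroom_students (classroom_id INTEGER, student_id INTEGER)');
$db->exec('INSERT INTO classrooms VALUES (10, 1), (20, 2)');
$db->exec('INSERT INTO classroom_students VALUES (10, 100), (20, 200)');

// Teacher 1 asks for classroom 20, which belongs to teacher 2.
var_dump(removeStudentFromClassroom($db, 1, '20', '200'));
// Teacher 1 asks for classroom 10, which is their own.
var_dump(removeStudentFromClassroom($db, 1, '10', '100'));
// classroom_id is not a plain integer.
var_dump(removeStudentFromClassroom($db, 1, '10abc', '100'));
```

The same ownership check belongs in front of getClassroomStudents, since validating that classroom_id is an integer does nothing to establish that the caller may act on that classroom.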
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =1.0
Patches
No patches discovered yet.
References
- vuldb.com/submit/814038 (mitre; third-party-advisory)
- vuldb.com/submit/814039 (mitre; third-party-advisory)
- vuldb.com/submit/814042 (mitre; third-party-advisory)
- vuldb.com/vuln/365465 (mitre; vdb-entry, technical-description)
- vuldb.com/vuln/365465/cti (mitre; signature, permissions-required)
- www.sourcecodester.com (mitre; product)