Geekera

**Name of the Vulnerable Software and Affected Versions** SourceCodester Student Grades Management System version 1.0 **Description** An improper authorization issue exists in the `grades.php` file. A remote attacker can initiate an attack by manipulating the `student id` argument, leading to unauthorized access. **Recommendations** Update SourceCodester Student Grades Management System version 1.0 to a patched version. As a temporary workaround, restrict access to the `grades.php` file or validate the `student id` parameter to ensure proper authorization.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Student Grades Management System version 1.0 **Description** An improper authorization issue exists in the `getClassroomStudents/removeStudentFromClassroom()` function within the `classroom.php` file. A remote attacker can manipulate the `classroom id` argument to bypass authorization controls. **Recommendations** As a temporary workaround, restrict access to the `getClassroomStudents/removeStudentFromClassroom()` function in the `classroom.php` file or avoid using the `classroom id` parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Student Grades Management System version 1.0 **Description** An issue exists in the `students.php` file where the manipulation of the `Remarks` argument allows for cross-site scripting (XSS), a technique where malicious scripts are injected into trusted websites. This allows for remote exploitation of the system. **Recommendations** Update SourceCodester Student Grades Management System version 1.0 to a version that contains a fix for this issue. As a temporary workaround, restrict or sanitize the input of the `Remarks` argument in the `students.php` file.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Student Grades Management System version 1.0 **Description** A security flaw allows for cross-site request forgery, which is a type of attack that tricks a victim into performing actions they did not intend to do. This issue can be executed remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.