PT-2026-23972 · Sourcecodester · Client Database Management System

Adarsh007

Published: 2026-03-08 · Updated: 2026-03-08 · CVE-2026-3761

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions: SourceCodester Client Database Management System version 1.0

Description: The software contains a flaw related to improper authorization. A manipulation of the user id argument in the /superadmin user delete.php endpoint can lead to unauthorized access. The exploit has been published.

Recommendations: Apply any available updates to address the improper authorization issue in the /superadmin user delete.php endpoint. As a temporary workaround, restrict access to the /superadmin user delete.php endpoint. Avoid using the user id parameter in the /superadmin user delete.php endpoint until the issue is resolved.

Exploit

Fix

Incorrect Privilege Assignment

Improper Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-3761

Affected Products

Client Database Management System