PT-2026-23973 · Sourcecodester · Client Database Management System
Adarsh007 · Published 2026-03-08 · Updated 2026-03-13 · CVE-2026-3762
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SourceCodester Client Database Management System versions 1.0 through 3.1
Description
A flaw exists in the Endpoint component of the software, specifically within the /superadmin delete manager.php file. Improper authorization can be triggered by manipulating the manager id argument. This allows for remote exploitation. The exploit has been publicly disclosed.
Recommendations
Versions prior to 1.0 and 3.1 are not affected.
Versions 1.0 and 3.1: Address improper authorization by carefully validating the manager id argument in the /superadmin delete manager.php file.
Exploit
Fix
Improper Authorization
Incorrect Privilege Assignment
Related Identifiers
Affected Products
Client Database Management System