← back
CVE-2026-13568

SourceCodester Inventory Management System User Registration Endpoint users_handler.php access control

CVSS 6.9 MEDIUMCWE-266CWE-284
Vexday Risk Score
10Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.9EPSS KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
29 Jun 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/users_handler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Affected products
SourceCodester · Inventory Management System

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://vuldb.com/cve/CVE-2026-13568https://vuldb.com/submit/844257https://vuldb.com/vuln/374576https://vuldb.com/vuln/374576/ctihttps://www.sourcecodester.com/