CVE-2026-11519

6.3 MEDIUM

A security flaw has been discovered in SourceCodester Inventory System 1.0

Published: 2026-06-08 · Last updated: 2026-06-09

Severity and scoring

CVSS: 6.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-266, CWE-285

Description

A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /Product_Inventory/api/users_handler.php of the component Account Creation Handler. The manipulation of the argument ROLE results in improper authorization. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-11519
[Other]https://vuldb.com/cve/CVE-2026-11519
[Other]https://vuldb.com/submit/836392
[Other]https://vuldb.com/vuln/369139
[Other]https://vuldb.com/vuln/369139/cti
[Other]https://www.sourcecodester.com/

Related CVEs

Same CWE

CVE-2026-47342 — A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges This issue...
CVE-2026-46668 — SpiceDB is an open source database system for creating and managing security-critical application permissions
CVE-2026-47298 — Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network (8.0 HIGH)
CVE-2026-45503 — Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network (8.1 HIGH)
CVE-2026-45490 — Improper authorization in .NET allows an authorized attacker to elevate privileges locally (7.8 HIGH)