CVE-2026-9412

6.3 MEDIUM

A vulnerability was determined in SourceCodester Indian Invoicing System 1.0

Published: 2026-05-25 · Last updated: 2026-05-26

Severity and scoring

CVSS: 6.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-266, CWE-284

Description

A vulnerability was determined in SourceCodester Indian Invoicing System 1.0. Impacted is an unknown function of the component Backend Endpoint. Executing a manipulation can lead to improper access controls. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. Multiple endpoints are affected.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-9412
[Other]https://gist.github.com/c4ttr4ck/db84fc2af3e542acf1eab685264bcfc1
[Other]https://vuldb.com/submit/813608
[Other]https://vuldb.com/vuln/365393
[Other]https://vuldb.com/vuln/365393/cti
[Other]https://www.sourcecodester.com/

Related CVEs

Same CWE

CVE-2026-53862 — OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with... (4.2 MEDIUM)
CVE-2026-53847 — OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators wit... (5.4 MEDIUM)
CVE-2026-49780 — Customer Privilege Escalation in Dokan <= 5.0.2 versions (8.8 HIGH)
CVE-2026-49083 — Contributor Privilege Escalation in LatePoint <= 5.5.1 versions (7.5 HIGH)
CVE-2026-49063 — Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions (7.3 HIGH)