CVE-2026-13568
HIGHSourceCodester Inventory Management System User Registration Endpoint users_handler.php access control
Title source: cnaDescription
A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/users_handler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
References (5)
Core 5
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-374576 | SourceCodester Inventory Management System User Registration Endpoint users_handler.php access control
https://vuldb.com/vuln/374576
Signature, Permissions Required signature
permissions-required
VDB-374576 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/374576/cti
Third Party Advisory third-party-advisory
CVE-2026-13568 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-13568
Third Party Advisory third-party-advisory
Submit #844257 | SourceCodester Inventory Management System NA Improper Access Controls
https://vuldb.com/submit/844257
Product product
https://www.sourcecodester.com/
Scores
CVSS v3
7.3
EPSS
0.0028
EPSS Percentile
19.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-266
CWE-284
Status
published
Products (1)
SourceCodester/Inventory Management System
1.0
Published
Jun 29, 2026
Tracked Since
Jun 29, 2026