CVE-2026-13568

HIGH

SourceCodester Inventory Management System User Registration Endpoint users_handler.php access control

Title source: cna
STIX 2.1

Description

A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/users_handler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

References (5)

Core 5
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-374576 | SourceCodester Inventory Management System User Registration Endpoint users_handler.php access control
https://vuldb.com/vuln/374576
Signature, Permissions Required signature permissions-required
VDB-374576 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/374576/cti
Third Party Advisory third-party-advisory
CVE-2026-13568 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-13568
Third Party Advisory third-party-advisory
Submit #844257 | SourceCodester Inventory Management System NA Improper Access Controls
https://vuldb.com/submit/844257

Scores

CVSS v3 7.3
EPSS 0.0028
EPSS Percentile 19.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-266 CWE-284
Status published
Products (1)
SourceCodester/Inventory Management System 1.0
Published Jun 29, 2026
Tracked Since Jun 29, 2026