CVE-2026-3737

MEDIUM

SourceCodester Pet Grooming 1.0 - Auth Bypass

Title source: llm

Description

A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file add_user.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

References (5)

[Permissions Required, VDB Entry] https://vuldb.com/?id.349715

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.349715

[Permissions Required, VDB Entry] https://vuldb.com/?submit.767320

[Third Party Advisory] https://github.com/hiranerakkot/Pet-Grooming-Software/blob/main/Vulnerability_1.md

View Writeup ZIP pw:eip

[Various Sources] https://www.sourcecodester.com/

Scores

CVSS v3 6.3

EPSS 0.0004

EPSS Percentile 12.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-266 CWE-285

Status published

Products (1)

mayurik/pet_grooming_management_software 1.0

Published Mar 08, 2026

Tracked Since Mar 08, 2026