CVE-2026-3738

MEDIUM

SourceCodester Pet Grooming 1.0 - Auth Bypass

Title source: llm

Description

A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

References (5)

[Permissions Required, VDB Entry] https://vuldb.com/?id.349716

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.349716

[Permissions Required, VDB Entry] https://vuldb.com/?submit.767321

[Third Party Advisory] https://github.com/hiranerakkot/Pet-Grooming-Software/blob/main/Vulnerability_2.md

View Writeup ZIP pw:eip

[Various Sources] https://www.sourcecodester.com/

Scores

CVSS v3 6.3

EPSS 0.0004

EPSS Percentile 12.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-266 CWE-285

Status published

Products (1)

mayurik/pet_grooming_management_software 1.0

Published Mar 08, 2026

Tracked Since Mar 08, 2026