LeakyCreds

CVE-2026-3737 - Vulnerability Analysis

Medium
CVSS: 6.3

Last Updated: March 9, 2026

SourceCodester Pet Grooming Management Software - Broken Access Control

Published: March 8, 2026
Updated: March 9, 2026
PoC Available
Remote Exploitable

Overview

SourceCodester Pet Grooming Management Software 1.0 contains a broken access control vulnerability caused by improper authorization in the add_user.php user creation handler. It lets remote attackers bypass authorization, and exploitation requires no special privileges.

Severity & Score

Severity: Medium
CVSS Score: 6.3

Impact

Remote attackers can bypass authorization to perform unauthorized actions, potentially compromising user management.

Mitigation

Update to the latest version or apply vendor patches addressing authorization checks.

Details

CVE ID: CVE-2026-3737
Severity: Medium
CVSS Score: 6.3
Type: broken_access_control
Status: confirmed

CWE

  • CWE-266

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L