CVE-2026-3761 - Vulnerability Analysis
MediumCVSS: 5.4Last Updated: March 9, 2026
SourceCodester Client Database Management System - Broken Access Control
Published: March 8, 2026Updated: March 9, 2026PoC AvailableRemote Exploitable
Overview
SourceCodester Client Database Management System 1.0 contains a broken access control caused by improper authorization in /superadmin_user_delete.php endpoint, letting remote attackers perform unauthorized actions, exploit requires no special privileges.
Severity & Score
Severity: Medium
CVSS Score: 5.4
Impact
Remote attackers can perform unauthorized actions, potentially leading to data modification or user management compromise.
Mitigation
Update to the latest version or apply vendor patches addressing authorization checks.
References
Related Resources
Details
- CVE ID
- CVE-2026-3761
- Severity
- Medium
- CVSS Score
- 5.4
- Type
- broken_access_control
- Status
- confirmed
CWE
- CWE-266
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L