CVE-2026-3762 - Vulnerability Analysis
High | CVSS: 7.3 | Last Updated: March 9, 2026
SourceCodester Client Database Management System - Broken Access Control
Published: March 8, 2026 | Updated: March 9, 2026 | PoC Available | Remote Exploitable
Overview
SourceCodester Client Database Management System 1.0/3.1 contains a broken access control vulnerability caused by improper authorization in /superadmin_delete_manager.php. It lets remote attackers perform unauthorized actions, and exploitation requires no special privileges.
Severity & Score
Severity: High
CVSS Score: 7.3
Impact
Remote attackers can perform unauthorized actions, potentially leading to data modification or privilege escalation.
Mitigation
Update to the latest version or apply patches addressing authorization checks.
Details
- CVE ID: CVE-2026-3762
- Severity: High
- CVSS Score: 7.3
- Type: broken_access_control
- Status: confirmed
CWE
- CWE-266
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L