CVE-2026-13568
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk20th percentile - higher than 20% of all known CVEs
Summary
A vulnerability has been found in SourceCodester Inventory Management System 1.0 in the file /api/users_handler.php of the User Registration Endpoint. Manipulation of the role argument leads to improper access controls, allowing remote exploitation.
Risk Assessment
The organization is at risk of unauthorized privilege changes, potentially leading to privilege escalation and system compromise.
Recommendation
Update the system to the latest version or apply the vendor's security patch immediately. Until then, restrict access to the /api/users_handler.php file.
Original NVD description (English source)
A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/users_handler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

