CVE Catalog

CVE-2026-13568

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile - higher than 20% of all known CVEs

Summary

A vulnerability has been found in SourceCodester Inventory Management System 1.0 in the file /api/users_handler.php of the User Registration Endpoint. Manipulation of the role argument leads to improper access controls, allowing remote exploitation.

Risk Assessment

The organization is at risk of unauthorized privilege changes, potentially leading to privilege escalation and system compromise.

Recommendation

Update the system to the latest version or apply the vendor's security patch immediately. Until then, restrict access to the /api/users_handler.php file.

Original NVD description (English source)

A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/users_handler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS