Improper Authorization Vulnerability in SourceCodester Water Billing Management System
CVE-2026-10236

6.9 MEDIUM

What is CVE-2026-10236?

A vulnerability has been identified in the SourceCodester Water Billing Management System, specifically within the User Management Endpoint located at /classes/Users.php?f=save. This flaw allows a remote attacker to bypass authorization mechanisms, potentially leading to unauthorized access to sensitive user data. The vulnerability has been made public, raising concerns about its exploitation in the wild. It is crucial for users of this system to implement security measures to mitigate the risks associated with this vulnerability and to regularly update their software to the latest versions.

Affected Version(s)

Water Billing Management System 1.0

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

renzortega1337 (VulDB User)