SourceCodester Inventory System Account Creation users_handler.php improper authorization
CVE-2026-11519

5.3MEDIUM

Key Information:

Vendor

Sourcecodester
Status
Inventory System
Vendor
CVE Published:
8 June 2026

What is CVE-2026-11519?

A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /Product_Inventory/api/users_handler.php of the component Account Creation Handler. The manipulation of the argument ROLE results in improper authorization. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

Affected Version(s)

Inventory System 1.0

References

https://vuldb.com/vuln/369139
vdb-entrytechnical-description
https://vuldb.com/vuln/369139/cti
signaturepermissions-required
https://vuldb.com/cve/CVE-2026-11519
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kamran Saifullah (VulDB User)
VulDB Vulnerability Moderation Team
.