Improper Access Control in SourceCodester Inventory Management System
CVE-2026-13568

6.9 MEDIUM

Key Information:

Vendor
CVE Published: 29 June 2026

What is CVE-2026-13568?

A vulnerability has been detected in SourceCodester Inventory Management System version 1.0, in the file /api/users_handler.php, which implements the User Registration Endpoint. Manipulating the 'role' argument leads to improper access controls. The attack can be carried out remotely, and the exploit code has been publicly disclosed. Organizations using this system should take immediate action to mitigate the risk of unauthorized access.
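
The server-side pattern that addresses this class of flaw, as an added example and not the project's code (the page does not show /api/users_handler.php): the role of a new account is decided from the caller's server-side session, never from the request alone. The role names, table layout and function names are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical role names; the application's real roles are not given on the page.
const DEFAULT_ROLE  = 'staff';
const ALLOWED_ROLES = ['staff', 'manager', 'admin'];

// $requestedRole is the untrusted 'role' value from the request;
// $sessionRole is the caller's role from the server-side session (null if unauthenticated).
function resolveRegistrationRole(?string $requestedRole, ?string $sessionRole): string
{
    // Self-registration, or no role supplied: the client never picks its own role.
    if ($sessionRole !== 'admin' || $requestedRole === null) {
        return DEFAULT_ROLE;
    }
    // An admin creating a user may choose, but only from the known set.
    if (!in_array($requestedRole, ALLOWED_ROLES, true)) {
        throw new InvalidArgumentException('Unknown role');
    }
    return $requestedRole;
}

function registerUser(PDO $db, array $post, ?string $sessionRole): string
{
    $username = trim((string)($post['username'] ?? ''));
    $password = (string)($post['password'] ?? '');
    if ($username === '' || strlen($password) < 12) {
        throw new InvalidArgumentException('Invalid username or password');
    }
    $requested = isset($post['role']) && is_string($post['role']) ? $post['role'] : null;
    $role = resolveRegistrationRole($requested, $sessionRole);
    if ($requested !== null && $requested !== $role) {
        // A registration that asked for a role it did not get is worth alerting on.
        // json_encode keeps attacker-controlled values from breaking the log line.
        error_log('registration role override: ' . json_encode(
            ['user' => $username, 'requested' => $requested, 'assigned' => $role]
        ));
    }
    $stmt = $db->prepare('INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT), $role]);
    return $role;
}

// Constructed demo against an in-memory SQLite database (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT UNIQUE, password_hash TEXT, role TEXT)');
echo registerUser($db, ['username' => 'mallory', 'password' => 'constructed-pass-1', 'role' => 'admin'], null), "\n";
echo registerUser($db, ['username' => 'bob', 'password' => 'constructed-pass-2', 'role' => 'manager'], 'admin'), "\n";
```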

Affected Version(s)

Inventory Management System 1.0

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ayush8816 (VulDB User)
VulDB Vulnerability Moderation Team