File Inclusion Vulnerability in SourceCodester Leave Application System
CVE-2026-5210

6.9MEDIUM

Key Information:

Vendor

Sourcecodester
Status
Leave Application System
Vendor
CVE Published:
31 March 2026

What is CVE-2026-5210?

A file inclusion vulnerability has been identified in the SourceCodester Leave Application System version 1.0. This flaw emerges from improper validation of parameters in user-supplied data, specifically within the argument that handles the page manipulation. By exploiting this weakness, an attacker could potentially include malicious files via remote means, leading to further compromise of the system. As the exploit is now publicly available, it is crucial for users of this product to apply any available patches and follow security best practices to protect their applications.

Affected Version(s)

Leave Application System 1.0

References

https://vuldb.com/vuln/354346
vdb-entrytechnical-description
https://vuldb.com/vuln/354346/cti
signaturepermissions-required
https://vuldb.com/submit/780419
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hemant Raj Bhati (VulDB User)
.