Authorization Bypass in SourceCodester Leave Application System
CVE-2026-5326

6.9 MEDIUM

Key Information:

Vendor
CVE Published: 2 April 2026

What is CVE-2026-5326?

SourceCodester Leave Application System 1.0 contains an authorization bypass caused by improper handling of user permissions in the User Information Handler function. The issue is in /index.php?page=manage_user, where manipulating the ID argument grants unauthorized access. Remote attackers can use this weakness to bypass authorization controls, potentially exposing sensitive user data. Public exploit techniques are available, which raises the risk of misuse by malicious actors.

Affected Version(s)

Leave Application System 1.0

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hemant Raj Bhati (VulDB User)