CVE-2026-3761
Improper Authorization in SourceCodester Client DBMS Endpoint
Publication date: 2026-03-08
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lerouxyxchire | client_database_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3761 is a vulnerability in SourceCodester Client Database Management System (CDMS) version 1.0, specifically in the endpoint /superadmin_user_delete.php.

The flaw exists because this endpoint lacks proper authentication and authorization controls. It processes POST requests containing a user_id parameter and deletes user accounts without verifying the requester's identity or permissions.

An attacker can exploit this remotely by sending a crafted POST request to delete arbitrary user accounts without needing any authentication token or valid session. [1, 2, 3]
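To make the authorization gap concrete, the following PHP is an added example and not the project's code: the first handler reconstructs the behaviour described above (an anonymous POST carrying user_id deletes the account and returns the JSON success message), and the second shows the checks a correct version of such an endpoint needs. The users table, column names, session keys and the CSRF token handling are assumptions; the real application's schema and session layout are not known from this page.

```php
<?php
// Added example (not SourceCodester's code). Reconstructs the behaviour the
// advisory describes for /superadmin_user_delete.php and places a hardened
// handler beside it. Table name, columns and session keys are assumptions.
declare(strict_types=1);

// Vulnerable shape: trusts POST['user_id'] and never consults the session
// (CWE-285: no authorization check; CWE-266: any actor gains superadmin power).
function delete_user_vulnerable(PDO $pdo, array $post): array
{
    $stmt = $pdo->prepare('DELETE FROM users WHERE id = ?');
    $stmt->execute([(int) ($post['user_id'] ?? 0)]);
    return [200, ['status' => 'success', 'message' => 'User deleted successfully.']];
}

// Hardened form: authenticate, authorize by server-side role, bind the action
// to a CSRF token, validate the target, refuse self-deletion. Returns [http_status, body].
function delete_user_hardened(PDO $pdo, string $method, array $session, array $post): array
{
    if ($method !== 'POST') {
        return [405, ['status' => 'error', 'message' => 'Method not allowed.']];
    }
    // Authentication: a logged-in user must be bound to the session.
    if (empty($session['user_id'])) {
        return [401, ['status' => 'error', 'message' => 'Login required.']];
    }
    // Authorization: only the superadmin role may delete accounts.
    if (($session['role'] ?? '') !== 'superadmin') {
        return [403, ['status' => 'error', 'message' => 'Forbidden.']];
    }
    // CSRF: token must exist in the session, be non-empty, and match in constant time.
    $expected = (string) ($session['csrf_token'] ?? '');
    $given    = (string) ($post['csrf_token'] ?? '');
    if ($expected === '' || !hash_equals($expected, $given)) {
        return [403, ['status' => 'error', 'message' => 'Invalid CSRF token.']];
    }
    // Input validation: user_id must be a positive integer.
    $target = filter_var($post['user_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($target === false) {
        return [400, ['status' => 'error', 'message' => 'Invalid user_id.']];
    }
    if ($target === (int) $session['user_id']) {
        return [400, ['status' => 'error', 'message' => 'Cannot delete your own account.']];
    }
    $stmt = $pdo->prepare('DELETE FROM users WHERE id = ?');
    $stmt->execute([$target]);
    if ($stmt->rowCount() === 0) {
        return [404, ['status' => 'error', 'message' => 'User not found.']];
    }
    return [200, ['status' => 'success', 'message' => 'User deleted successfully.']];
}

// In the real endpoint these come from $_SERVER, $_SESSION and $_POST; here
// they are constructed so the script runs from the CLI against in-memory SQLite.
function seed(): PDO
{
    $pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)');
    $pdo->exec("INSERT INTO users VALUES (1, 'root', 'superadmin'), (31, 'alice', 'staff')");
    return $pdo;
}

function count_users(PDO $pdo): int
{
    return (int) $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn();
}

$anonymous = [];                                        // no session at all
$admin     = ['user_id' => 1, 'role' => 'superadmin', 'csrf_token' => bin2hex(random_bytes(16))];

// 1. Reconstructed vulnerable handler: an anonymous POST removes user 31.
$pdo = seed();
[$code, $body] = delete_user_vulnerable($pdo, ['user_id' => '31']);
printf("vulnerable, anonymous : %d %s users_left=%d\n", $code, json_encode($body), count_users($pdo));

// 2. Hardened handler, same anonymous POST: rejected before touching the DB.
$pdo = seed();
[$code, $body] = delete_user_hardened($pdo, 'POST', $anonymous, ['user_id' => '31']);
printf("hardened, anonymous   : %d %s users_left=%d\n", $code, json_encode($body), count_users($pdo));

// 3. Hardened handler, superadmin session but no CSRF token (cross-site form post).
$pdo = seed();
[$code, $body] = delete_user_hardened($pdo, 'POST', $admin, ['user_id' => '31']);
printf("hardened, no CSRF     : %d %s users_left=%d\n", $code, json_encode($body), count_users($pdo));

// 4. Hardened handler, superadmin with a valid token: the only path that deletes.
$pdo = seed();
[$code, $body] = delete_user_hardened($pdo, 'POST', $admin, ['user_id' => '31', 'csrf_token' => $admin['csrf_token']]);
printf("hardened, authorized  : %d %s users_left=%d\n", $code, json_encode($body), count_users($pdo));
```

Run it with the php CLI (the pdo_sqlite extension must be enabled). The point to take away is that the role decision is read from the server-side session and never from the request: a role or is_admin field in the POST body would be exactly as attacker-controlled as user_id is in the vulnerable handler.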
How can this vulnerability impact me?
This vulnerability can have several serious impacts on affected systems.
- Deletion of arbitrary user accounts, leading to loss of user data.
- Disruption of business operations due to unauthorized user deletions.
- Permanent data loss affecting system integrity.
- Bypassing of privilege restrictions, allowing unauthorized actions.
- Denial-of-service attacks against legitimate users by removing their accounts.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a crafted HTTP POST request to the vulnerable endpoint /superadmin_user_delete.php with a user_id parameter. If the system responds with a success message without requiring authentication, the flaw is present.

A suggested command to test for this vulnerability using curl:

```
curl -X POST http://TARGET/cdm/superadmin_user_delete.php -d "user_id=31"
```

If the server responds with {"status":"success","message":"User deleted successfully."}, the vulnerability is confirmed. Note that a positive result means the account with that user_id has actually been deleted, so run this only against a disposable test copy of the application, never a production instance. A redirect to the login page or an error response in place of the success message indicates the endpoint is enforcing an authentication check. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations have been reported for this vulnerability.
Replacing the affected component with an alternative product that properly implements authentication and authorization checks is suggested.