CVE-2026-3761
Received Received - Intake
Improper Authorization in SourceCodester Client DBMS Endpoint

Publication date: 2026-03-08

Last updated on: 2026-04-29

Assigner: VulDB

Description
A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadmin_user_delete.php of the component Endpoint. Executing a manipulation of the argument user_id can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-08
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-08
EPSS Evaluated
2026-06-15
NVD
CVE-2026-3761
EUVD
EUVD-2026-10264
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
lerouxyxchire client_database_management_system 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-3761 is a vulnerability in SourceCodester Client Database Management System (CDMS) version 1.0, specifically in the endpoint /superadmin_user_delete.php.'}, {'type': 'paragraph', 'content': "The flaw exists because this endpoint lacks proper authentication and authorization controls. It processes POST requests containing a user_id parameter and deletes user accounts without verifying the requester's identity or permissions."}, {'type': 'paragraph', 'content': 'An attacker can exploit this remotely by sending a crafted POST request to delete arbitrary user accounts without needing any authentication token or valid session.'}] [1, 2, 3]

Impact Analysis

This vulnerability can have several serious impacts on affected systems.

  • Deletion of arbitrary user accounts, leading to loss of user data.
  • Disruption of business operations due to unauthorized user deletions.
  • Permanent data loss affecting system integrity.
  • Bypassing of privilege restrictions, allowing unauthorized actions.
  • Denial-of-service attacks against legitimate users by removing their accounts.
Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to send a crafted HTTP POST request to the vulnerable endpoint /superadmin_user_delete.php with a user_id parameter. If the system responds with a success message without requiring authentication, it indicates the presence of the flaw.'}, {'type': 'paragraph', 'content': 'A suggested command to test for this vulnerability is using curl as follows:'}, {'type': 'list_item', 'content': 'curl -X POST http://TARGET/cdm/superadmin_user_delete.php -d "user_id=31"'}, {'type': 'paragraph', 'content': 'If the server responds with {"status":"success","message":"User deleted successfully."}, it confirms the vulnerability.'}] [1, 3]

Mitigation Strategies

No known countermeasures or mitigations have been reported for this vulnerability.

It is suggested to replace the affected component with an alternative product that properly implements authentication and authorization checks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3761. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart