CVE-2026-3762
Improper Authorization in SourceCodester Client DBMS Endpoint
Publication date: 2026-03-08
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lerouxyxchire | client_database_management_system | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3762 is an improper authorization vulnerability in SourceCodester Client Database Management System versions 1.0 and 3.1. It exists in the endpoint /superadmin_delete_manager.php, where the manager_id parameter can be manipulated. This flaw allows unauthorized remote attackers to bypass authorization checks and perform actions without authentication.
Specifically, the endpoint does not verify the authentication state or user privileges before deleting sales manager accounts, enabling attackers to delete arbitrary managers by sending crafted POST requests.
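What a delete handler of this kind needs before it touches the database, shown as an added illustration rather than code from the SourceCodester project: the session keys, the `$pdo` connection, the `sales_managers` table, the CSRF token and the redirect target are all assumptions.

```php
<?php
// Added illustrative example, not the SourceCodester code base.
// Hypothetical assumptions: a PDO connection in $pdo, a login flow that stores
// 'user_id' and 'role' in $_SESSION, a per-session token in
// $_SESSION['csrf_token'], and a table named sales_managers.
session_start();

function deny(int $status, string $msg): void
{
    http_response_code($status);
    header('Content-Type: text/plain');
    exit($msg);
}

// 1. Authentication: the vulnerable endpoint skips this step (CWE-285).
if (empty($_SESSION['user_id'])) {
    deny(401, 'login required');
}

// 2. Authorization: only the superadmin role may delete managers (CWE-266).
if (($_SESSION['role'] ?? '') !== 'superadmin') {
    deny(403, 'insufficient privileges');
}

// 3. State-changing action: require POST and a matching CSRF token so a
//    logged-in superadmin cannot be tricked into issuing the request.
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !isset($_SESSION['csrf_token'])
    || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'] ?? '')) {
    deny(403, 'bad request');
}

// 4. Input validation: manager_id must be a positive integer before it reaches SQL.
$managerId = filter_input(INPUT_POST, 'manager_id', FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]);
if ($managerId === false || $managerId === null) {
    deny(400, 'invalid manager_id');
}

// 5. Parameterised delete; report whether a row was actually removed.
$stmt = $pdo->prepare('DELETE FROM sales_managers WHERE manager_id = :id');
$stmt->execute([':id' => $managerId]);
if ($stmt->rowCount() === 0) {
    deny(404, 'no such manager');
}

// 6. Audit trail: record who deleted which manager.
error_log(sprintf('superadmin %d deleted manager %d', $_SESSION['user_id'], $managerId));
header('Location: superadmin_managers.php?deleted=1'); // hypothetical listing page
exit;
```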
How can this vulnerability impact me?
This vulnerability can have critical impacts including unauthorized deletion of sales manager accounts, disruption of business workflows, and compromise of data integrity.
- Attackers can delete arbitrary sales managers without authentication.
- It can disrupt business logic and related records such as sales agents, reports, and assignments.
- It allows privilege bypass and unauthorized data manipulation, affecting system integrity and availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable endpoint `/superadmin_delete_manager.php` on your system or network. Attackers may exploit it by sending unauthorized POST requests with a `manager_id` parameter.
One way to test for this vulnerability is to send a crafted POST request to the endpoint to see if it allows deletion without authentication.
- Use the following curl command to test if the endpoint is vulnerable (replace http://TARGET with your system URL):
- `curl -X POST http://TARGET/cdm/superadmin_delete_manager.php -d "manager_id=3"`
If the response indicates a successful deletion without requiring authentication, the system is vulnerable. Note that this request is destructive on a vulnerable instance (the manager record with that id is actually removed), so run it against a non-production copy.
Additionally, attackers may locate vulnerable targets using Google dorking with queries like `inurl:superadmin_delete_manager.php`.
What immediate steps should I take to mitigate this vulnerability?
Currently, no known countermeasures or mitigations have been identified for this vulnerability.
It is suggested to replace the affected product with an alternative that does not have this vulnerability.