CVE-2026-3764
Improper Authorization in SourceCodester Client DBMS Allows Remote Access
Publication date: 2026-03-08
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lerouxyxchire | client_database_management_system | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3764 is a critical security vulnerability in SourceCodester Client Database Management System (CDMS) version 1.0, specifically in the file superadmin_user_update.php. The vulnerability arises because the system does not perform proper authorization checks before processing user update requests.

An unauthenticated attacker can send a crafted POST request to this endpoint with parameters such as user_id, firstname, lastname, username, role, department_assignment, and id_number. Because there is no session validation or role verification, the attacker can escalate privileges by changing a user's role to superadmin without any authentication.

This results in a complete bypass of access controls, allowing the attacker to gain full administrative privileges. [1, 2, 3]
How can this vulnerability impact me?
The vulnerability allows an attacker to escalate privileges to superadmin without authentication, granting them full administrative control over the system, including the ability to:
- Modify or delete user accounts
- Remove managers
- Manipulate system data
- Compromise the confidentiality, integrity, and availability of the system
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to send a crafted POST request to the vulnerable endpoint `/cdm/superadmin_user_update.php` with parameters such as `user_id=32`, `firstname=Test`, `lastname=User`, `username=testuser`, `role=superadmin`, `department_assignment=IT`, and `id_number=ID999`. If the request succeeds and the user's role is updated to superadmin without authentication, the system is vulnerable.

Additionally, attackers or defenders can use Google dorking with the query `inurl:superadmin_user_update.php` to identify potentially vulnerable targets.

Example command using curl to test the vulnerability:

```shell
curl -X POST https://[target]/cdm/superadmin_user_update.php -d "user_id=32&firstname=Test&lastname=User&username=testuser&role=superadmin&department_assignment=IT&id_number=ID999"
```

If the response indicates success and subsequent database verification shows the user's role changed to superadmin, the vulnerability is confirmed. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation is to implement proper session validation and role-based access control in the vulnerable script. This includes requiring authenticated sessions and verifying that the user's role is superadmin before processing any requests to update user details.

An example fix involves adding code such as:

```php
include 'superadmin_session.php';
if ($_SESSION['role'] !== 'superadmin') {
    exit('Unauthorized');
}
```

This ensures unauthorized requests are rejected, preventing privilege escalation.

If possible, consider replacing the affected component with an alternative product that properly enforces authorization checks. [1, 3]
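As an added illustration (not the SourceCodester project's own code, and not the fix shipped by any vendor), the following is a hardened shape for a user-update handler like the one the advisory describes. It goes slightly beyond the two-line role check above: it separates authentication (is there a logged-in user at all?) from authorization (is that user a superadmin?), takes the role only from the server-side session and never from the POST body, restricts the submitted role to an allowlist, and uses a prepared statement for the update. Assumptions, all labelled in the comments: a session helper named superadmin_session.php that calls session_start() (the advisory mentions this include), a PDO connection in $pdo, a users table with the column names taken from the request parameters in the advisory, and the role names user, manager and superadmin.

```php
<?php
// Added example, not the project's code. Hardened handler for the
// superadmin_user_update.php pattern described in CVE-2026-3764.
declare(strict_types=1);

require_once 'superadmin_session.php'; // assumption: this starts the PHP session

/**
 * Terminate the request unless the caller holds an authenticated superadmin session.
 * Authentication and authorization are checked separately so the log/response
 * distinguishes "not logged in" (401) from "logged in but not allowed" (403).
 */
function require_superadmin(array $session): void
{
    // An unauthenticated request carries no user_id in the session at all.
    if (empty($session['user_id'])) {
        http_response_code(401);
        exit('Authentication required');
    }
    // The role comes from the session, which the client cannot set; the role
    // field in the POST body is never consulted for this decision.
    if (($session['role'] ?? '') !== 'superadmin') {
        http_response_code(403);
        exit('Forbidden');
    }
}

/**
 * Validate the submitted fields and return them as a clean array.
 * The role is restricted to an allowlist so that even an authorized caller
 * cannot store an arbitrary role string.
 */
function validate_update(array $post): array
{
    $allowedRoles = ['user', 'manager', 'superadmin']; // assumption: the app's role names

    $userId = filter_var($post['user_id'] ?? null, FILTER_VALIDATE_INT);
    if ($userId === false) {
        http_response_code(400);
        exit('Invalid user_id');
    }
    $role = (string)($post['role'] ?? '');
    if (!in_array($role, $allowedRoles, true)) {
        http_response_code(400);
        exit('Invalid role');
    }
    return [
        'user_id'    => $userId,
        'firstname'  => trim((string)($post['firstname'] ?? '')),
        'lastname'   => trim((string)($post['lastname'] ?? '')),
        'username'   => trim((string)($post['username'] ?? '')),
        'role'       => $role,
        'department' => trim((string)($post['department_assignment'] ?? '')),
        'id_number'  => trim((string)($post['id_number'] ?? '')),
    ];
}

// A state-changing endpoint should only accept POST.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Method not allowed');
}

require_superadmin($_SESSION);      // the check the vulnerable version lacked
$data = validate_update($_POST);

/** @var PDO $pdo  assumption: an existing PDO connection to the application database */
$stmt = $pdo->prepare(
    'UPDATE users
        SET firstname = :firstname, lastname = :lastname, username = :username,
            role = :role, department_assignment = :department, id_number = :id_number
      WHERE user_id = :user_id'
);
$stmt->execute($data); // prepared statement: user input never becomes SQL text

echo 'User updated';
```

The important design point is that the authorization decision is derived only from data the client cannot control ($_SESSION), and that it runs before any of the request parameters are read. Placing the check at the top of every privileged script, rather than relying on the menu or page that links to it, is what closes the CWE-285 gap the advisory describes.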