{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3761", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-07T20:42:10.785Z", "datePublished": "2026-03-08T18:32:11.412Z", "dateUpdated": "2026-03-11T19:23:35.033Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-08T18:32:11.412Z"}, "title": "SourceCodester Client Database Management System Endpoint superadmin_user_delete.php improper authorization", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-285", "lang": "en", "description": "Improper Authorization"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-266", "lang": "en", "description": "Incorrect Privilege Assignment"}]}], "affected": [{"vendor": "SourceCodester", "product": "Client Database Management System", "versions": [{"version": "1.0", "status": "affected"}], "modules": ["Endpoint"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadmin_user_delete.php of the component Endpoint. Executing a manipulation of the argument user_id can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-07T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-07T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-07T21:47:18.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Adarsh007 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.349739", "name": "VDB-349739 | SourceCodester Client Database Management System Endpoint superadmin_user_delete.php improper authorization", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.349739", "name": "VDB-349739 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.768120", "name": "Submit #768120 | SourceCodester Client Database Management System (CDMS) 1.0 Improper Authorization", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/Adarshh-A/dd8884d768d9dde9072fe5efce453824", "tags": ["exploit"]}, {"url": "https://www.sourcecodester.com/", "tags": ["product"]}], "tags": ["x_freeware"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-11T19:23:25.940596Z", "id": "CVE-2026-3761", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T19:23:35.033Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3761", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T19:23:25.940596Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T19:23:30.447Z"}}], "cna": {"tags": ["x_freeware"], "title": "SourceCodester Client Database Management System Endpoint superadmin_user_delete.php improper authorization", "credits": [{"lang": "en", "type": "reporter", "value": "Adarsh007 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "SourceCodester", "modules": ["Endpoint"], "product": "Client Database Management System", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2026-03-07T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-07T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-07T21:47:18.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.349739", "name": "VDB-349739 | SourceCodester Client Database Management System Endpoint superadmin_user_delete.php improper authorization", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.349739", "name": "VDB-349739 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.768120", "name": "Submit #768120 | SourceCodester Client Database Management System (CDMS) 1.0 Improper Authorization", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/Adarshh-A/dd8884d768d9dde9072fe5efce453824", "tags": ["exploit"]}, {"url": "https://www.sourcecodester.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadmin_user_delete.php of the component Endpoint. Executing a manipulation of the argument user_id can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "Improper Authorization"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-08T18:32:11.412Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3761", "state": "PUBLISHED", "dateUpdated": "2026-03-11T19:23:35.033Z", "dateReserved": "2026-03-07T20:42:10.785Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-08T18:32:11.412Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lerouxyxchire:client_database_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFE80DE6-C79F-452F-9523-4EC1F9777DA4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadmin_user_delete.php of the component Endpoint. Executing a manipulation of the argument user_id can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used."}, {"lang": "es", "value": "Se ha encontrado un fallo en SourceCodester Sistema de Gesti\u00f3n de Base de Datos de Cliente 1.0. Este problema afecta a alg\u00fan procesamiento desconocido del archivo /superadmin_user_delete.php del componente Endpoint. La ejecuci\u00f3n de una manipulaci\u00f3n del argumento user_id puede llevar a una autorizaci\u00f3n indebida. El ataque puede realizarse de forma remota. El exploit ha sido publicado y puede ser utilizado."}], "id": "CVE-2026-3761", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-08T19:16:01.387", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/Adarshh-A/dd8884d768d9dde9072fe5efce453824"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.349739"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.349739"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.768120"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.sourcecodester.com/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}, {"lang": "en", "value": "CWE-285"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Client Database Management System", "source": "cna", "vendor": "SourceCodester"}, "product": "client_database_management_system", "vendor": "sourcecodester"}], "analysis": {"en": {"generated_at": "2026-04-18T09:43:34.245873+00:00", "value": {"mitigation_remediation": ["Apply any available vendor patch for Client Database Management System 1.0 that addresses the improper authorization in the superadmin_user_delete.php endpoint, if such a patch has been released.", "Restrict access to the superadmin_user_delete.php endpoint by enforcing authentication and role\u2011based access controls, ensuring that only legitimate superadmin sessions can send delete requests and validating the user_id parameter against authorized accounts.", "If a patch is not yet released, disable or restrict the delete endpoint, require manual approval for user deletions, and monitor application logs for unauthorized deletion attempts."], "summary": {"action": "Patch", "impact": "Unauthorized Deletion of User Accounts"}, "threat_synthesis": {"affected_systems": "The vulnerability affects SourceCodester\u2019s Client Database Management System version\u00a01.0, specifically the superadmin_user_delete.php component of the Endpoint directory. No other variants or versions are listed as affected.", "description_and_impact": "Improper authorization in the /superadmin_user_delete.php endpoint of SourceCodester Client Database Management System 1.0 permits manipulation of the user_id parameter to delete arbitrary user accounts. This flaw can lead to unauthorized data loss and it maps to CWE-266 and CWE-285.", "risk_and_exploitability": "The CVSS score is 5.3, indicating moderate severity, while the EPSS score of less than 1\u202f% denotes a low current exploitation probability and the vulnerability is not listed in CISA\u2019s Known Exploited Vulnerabilities list. The description states the attack may be performed from remote; the flaw indicates improper authorization, meaning an attacker lacking sufficient privileges could delete accounts, though it is not clear whether authentication is required. An exploit has already been published, so the risk remains moderate with low likelihood of exploitation."}}}}, "created": "2026-03-09T10:02:51.027115+00:00", "updated": "2026-04-18T09:45:25.842314+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$client_database_management_system"]}