Description
A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/. This manipulation causes file and directory information exposure. The attack can be initiated remotely. The exploit has been published and may be used.
Published: 2026-06-01
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in an unknown function of /admin/ in SourceCodester Pet Grooming Management Software version 1.0 exposes file and directory information. The vulnerability can be triggered remotely and lets an attacker retrieve server details that should remain internal. The disclosed data could include configuration files, executable binaries or other assets in the administrative area, potentially aiding further compromise or violating privacy requirements.

Affected Systems

The affected software is SourceCodester Pet Grooming Management Software, version 1.0, deployed on a web server that hosts the /admin/ interface. The issue is limited to this product and version; no other versions or related products are currently listed as impacted.

Risk and Exploitability

The vulnerability carries a CVSS score of 6.9, indicating moderate severity for information disclosure. EPSS data is unavailable, and the issue is not listed in the CISA KEV catalog. Exploit code has been published and the attack can be initiated remotely, meaning any exposed instance of the software without proper access restrictions is susceptible to abuse. The disclosure not only leaks directory listings but may surface other confidential files, increasing the potential for targeted attacks.

Generated by OpenCVE AI on June 1, 2026 at 14:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a vendor-supplied patch for SourceCodester Pet Grooming Management Software 1.0 as soon as one becomes available.
  • Restrict access to the /admin/ directory by requiring authentication, applying role-based access control, or using an IP allowlist so that only authorized users can reach it.
  • Review the application for proper authorization checks and input validation, make sure file-system access is appropriately gated, and update any custom code that interacts with the administrative interface accordingly.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 15:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 01 Jun 2026 13:00:00 +0000

Type | Values Removed | Values Added
Description | | A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/. This manipulation causes file and directory information exposure. The attack can be initiated remotely. The exploit has been published and may be used.
Title | | SourceCodester Pet Grooming Management Software admin file information disclosure
First Time appeared | | Sourcecodester; Sourcecodester pet Grooming Management Software
Weaknesses | | CWE-200; CWE-538
CPEs | | cpe:2.3:a:sourcecodester:pet_grooming_management_software:*:*:*:*:*:*:*:*
Vendors & Products | | Sourcecodester; Sourcecodester pet Grooming Management Software
References | |
Metrics | | cvssV2_0: {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-01T14:51:41.218Z

Reserved: 2026-05-31T12:20:39.702Z

Link: CVE-2026-10254

Vulnrichment

Updated: 2026-06-01T14:51:37.600Z

NVD

Status: Deferred

Published: 2026-06-01T13:16:29.560

Modified: 2026-06-01T15:15:37.293

Link: CVE-2026-10254

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T14:45:26Z

Weaknesses