CVE-2026-1702 - Vulnerability Details

- SourceCodester Pet Grooming Management Software User Management user.php improper authorization

Description

A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing a manipulation of the argument group_id results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used.

Published: 2026-01-30

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is located in the admin/user.php module of SourceCodester Pet Grooming Management Software 1.0. By altering the group_id parameter the attacker can bypass normal authorization checks. The result is that a non‑privileged user could gain elevated permissions or access sensitive user data. This type of flaw is a classic example of improper authorization, classified under CWE‑266 and CWE‑285.

Affected Systems

SourceCodester Pet Grooming Management Software version 1.0, delivered under the /admin/operation/user.php path. The flaw is present only in this specific released version; no other versions have been identified as affected.

Risk and Exploitability

The vulnerability scores a CVSS of 5.3, indicating moderate impact, and an EPSS below 1 %, implying a low likelihood of exploitation. It is not listed in CISA’s KEV, but the existence of a publicly known exploit raises concern. The attack can be initiated remotely via a web request, making it accessible from any machine that can reach the application. If exploited, the attacker could impersonate higher‑privileged roles, potentially compromising confidential data or manipulating business processes.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

SourceCodester

Pet Grooming Management Software

affected

Version	Status	Constraints
`1.0`	affected	—

Configuration 1 [-]

cpe:2.3:a:mayurik:pet_grooming_management_software:1.0:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Sourcecodester	Pet Grooming Management Software	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Pet Grooming Management Software to the latest version or apply the vendor’s security patch if available.
Restrict web access to the /admin/operation/user.php endpoint by applying IP‑based or authentication controls on the web server.
Implement input validation and sanitization for the group_id parameter to prevent unauthorized value manipulation.
Monitor application logs for abnormal user role changes or repeated access to the user management module.

Generated by OpenCVE AI on April 18, 2026 at 01:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/Asim-QAZi/Improper-Access-Control---in-Pet-Grooming-Management-Software
https://vuldb.com/?ctiid.343492
https://vuldb.com/?id.343492
https://vuldb.com/?submit.742226
https://www.sourcecodester.com/

History

Fri, 13 Feb 2026 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mayurik Mayurik pet Grooming Management Software
CPEs		cpe:2.3:a:mayurik:pet_grooming_management_software:1.0:::::::*
Vendors & Products		Mayurik Mayurik pet Grooming Management Software

Tue, 03 Feb 2026 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sourcecodester Sourcecodester pet Grooming Management Software
Vendors & Products		Sourcecodester Sourcecodester pet Grooming Management Software

Fri, 30 Jan 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 30 Jan 2026 17:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing a manipulation of the argument group_id results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used.
Title		SourceCodester Pet Grooming Management Software User Management user.php improper authorization
Weaknesses		CWE-266 CWE-285
References		https://github.com/Asim-QAZi/Improper-Access-Control---in-Pet-Grooming-Management-Software https://vuldb.com/?ctiid.343492 https://vuldb.com/?id.343492 https://vuldb.com/?submit.742226 https://www.sourcecodester.com/
Metrics		cvssV2_0 `{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Mayurik Pet Grooming Management Software

Sourcecodester Pet Grooming Management Software

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-01-30T17:32:09.669Z

Updated: 2026-02-23T09:11:04.789Z

Reserved: 2026-01-30T10:56:59.494Z

Link: CVE-2026-1702

Vulnrichment

Updated: 2026-01-30T19:28:21.378Z

NVD

Status : Analyzed

Published: 2026-01-30T18:15:59.930

Modified: 2026-02-13T18:04:05.913

Link: CVE-2026-1702

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T01:15:05Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object