Description
A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetch_manager_details.php of the component Endpoint. This manipulation of the argument manager_id causes improper authorization. The attack can be initiated remotely. The exploit has been published and may be used.
Published: 2026-03-08
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Improper Authorization leading to unauthorized access of manager data
Action: Immediate Patch
AI Analysis

Impact

The flaw resides in the fetch_manager_details.php endpoint of SourceCodester Client Database Management System 1.0, where manipulating the manager_id argument bypasses the system’s authorization checks. This improper authorization allows an attacker to retrieve manager detail records that they should not have access to, potentially exposing sensitive personal or organizational data. The weakness falls under CWE-266 (Privilege Escalation: Improper Restriction of Privileges) and CWE-285 (Improper Authorization).

Affected Systems

Both SourceCodester’s Client Database Management System version 1.0 and any installations that have not patched the fetch_manager_details.php endpoint are vulnerable. The vulnerability affects the Endpoint component, and any environment deploying this version without the fix is at risk.

Risk and Exploitability

With a CVSS score of 6.9 the vulnerability is considered moderate to high. The EPSS score is less than 1 percent, indicating low current exploitation probability, yet publicly disclosed exploitation scripts confirm that it can be launched remotely. The CVE is not listed in CISA’s KEV catalog, but the existence of published exploits and a remote attack vector warrants proactive remediation. Attackers would typically send crafted HTTP requests to the vulnerable endpoint from the Internet, altering the manager_id parameter to access data for arbitrary managers, potentially escalating privileges within the system.

Generated by OpenCVE AI on April 16, 2026 at 04:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check SourceCodester’s website or support channels for any security patch or update addressing the improper authorization flaw, and deploy the patch as soon as it becomes available.
  • Enforce strict authorization checks before granting access to manager details, ensuring that the manager_id supplied in a request matches the authenticated user’s authorized scope.
  • Restrict direct access to the fetch_manager_details.php endpoint to authenticated and authorized users only by implementing appropriate role‑based or token‑based access controls.

Generated by OpenCVE AI on April 16, 2026 at 04:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 11 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 09 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Lerouxyxchire
Lerouxyxchire client Database Management System
CPEs cpe:2.3:a:lerouxyxchire:client_database_management_system:1.0:*:*:*:*:*:*:*
Vendors & Products Lerouxyxchire
Lerouxyxchire client Database Management System

Mon, 09 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester client Database Management System
Vendors & Products Sourcecodester
Sourcecodester client Database Management System

Sun, 08 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
Description A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetch_manager_details.php of the component Endpoint. This manipulation of the argument manager_id causes improper authorization. The attack can be initiated remotely. The exploit has been published and may be used.
Title SourceCodester Client Database Management System Endpoint fetch_manager_details.php improper authorization
Weaknesses CWE-266
CWE-285
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Lerouxyxchire Client Database Management System
Sourcecodester Client Database Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-11T19:52:23.851Z

Reserved: 2026-03-07T18:02:57.457Z

Link: CVE-2026-3734

cve-icon Vulnrichment

Updated: 2026-03-11T19:52:20.088Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-08T13:16:00.823

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-3734

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T04:30:13Z

Weaknesses