Description
A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file add_admin.php. Such manipulation leads to improper authorization. The attack may be launched remotely.
Published: 2026-03-12
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Improper Authorization
Action: Assess Impact
AI Analysis

Impact

A vulnerability in the Web-based Pharmacy Product Management System 1.0, located in the add_admin.php file, allows improper authorization of administrative actions. The flaw resides in an unknown function of the file and enables attackers to bypass authentication controls to gain unauthorized admin capabilities. This constitutes a privilege escalation-type weakness, identified as CWE-266 and CWE-285.

Affected Systems

SourceCodester Web-based Pharmacy Product Management System version 1.0. No additional affected versions are enumerated in the CVE data.

Risk and Exploitability

The CVSS score is 5.3, indicating moderate severity. The EPSS score is reported as less than 1%, implying a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The attack may be launched remotely, though the exact remote vectors are not detailed in the vendor description. No public exploit or specific attack paths are documented in the provided references.

Generated by OpenCVE AI on March 18, 2026 at 15:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the SourceCodester website for an official patch or update for Web-based Pharmacy Product Management System 1.0.
  • If an update is available, immediately download and apply the patch.
  • If no patch exists, restrict remote access to add_admin.php or disable the function until a fix is released.
  • Enforce strict role-based access control so that only authorized users can invoke admin functions.
  • Monitor system logs for any unauthorized attempts to use administrative features.

Advisories

No advisories yet.

History

Fri, 13 Mar 2026 10:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Sourcecodester; Sourcecodester web-based Pharmacy Product Management System |
| Vendors & Products | | Sourcecodester; Sourcecodester web-based Pharmacy Product Management System |

Thu, 12 Mar 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Thu, 12 Mar 2026 08:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file add_admin.php. Such manipulation leads to improper authorization. The attack may be launched remotely. |
| Title | | SourceCodester Web-based Pharmacy Product Management System add_admin.php improper authorization |
| Weaknesses | | CWE-266; CWE-285 |
| References | | |
| Metrics | | cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:ND'} |
| | | cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X'} |
| | | cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X'} |
| | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-12T13:36:20.462Z

Reserved: 2026-03-11T19:07:39.747Z

Link: CVE-2026-4013

Vulnrichment

Updated: 2026-03-12T13:36:12.917Z

NVD

Status: Awaiting Analysis

Published: 2026-03-12T08:16:11.810

Modified: 2026-03-12T21:07:53.427

Link: CVE-2026-4013

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:49:59Z

Weaknesses