Description
A vulnerability was detected in SourceCodester Leave Application System 1.0. This affects an unknown part. Performing a manipulation of the argument page results in file inclusion. Remote exploitation of the attack is possible. The exploit is now public and may be used.
Published: 2026-03-31
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: Remote Code Execution via Local File Inclusion
Action: Immediate Patch
AI Analysis

Impact

A Local File Inclusion vulnerability exists in SourceCodester Leave Application System 1.0. By manipulating the "page" argument, an attacker can force the application to include arbitrary files, potentially leading to execution of malicious code on the server. The description explicitly notes that remote exploitation is possible and the exploit is publicly available, indicating that an unauthenticated attacker can trigger the vulnerability from outside the application.

Affected Systems

The only documented affected product is SourceCodester Leave Application System version 1.0. No other versions or additional products are identified.

Risk and Exploitability

The CVSS score of 6.9 reflects moderate to high severity. Although an EPSS score is not available and the vulnerability is not listed in the KEV catalog, the public availability of the exploit and the potential for remote code execution make it a high-priority risk. Based on the description, the likely attack vector is an unauthenticated HTTP request that manipulates a GET or POST parameter. Exploitation requires the application to resolve the file path on the server, implying the vulnerability could be triggered by remote hosts.

Generated by OpenCVE AI on March 31, 2026 at 19:20 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Check the vendor website or support channels for an official patch or an updated version of the Leave Application System.
  • If a patch is available, apply it immediately to version 1.0.
  • As a temporary measure, restrict access to the application or the "page" parameter using firewall or access control rules, limiting exposure to trusted IP addresses.
  • Consider deploying a web application firewall to block suspicious inclusion attempts or paths that are not part of normal application usage.


Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Sourcecodester; Sourcecodester leave Application System
Vendors & Products | | Sourcecodester; Sourcecodester leave Application System

Tue, 31 Mar 2026 18:45:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was detected in SourceCodester Leave Application System 1.0. This affects an unknown part. Performing a manipulation of the argument page results in file inclusion. Remote exploitation of the attack is possible. The exploit is now public and may be used.
Title | | SourceCodester Leave Application System file inclusion
Weaknesses | | CWE-73
References | |
Metrics | | cvssV2_0 {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0 {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-31T18:30:14.803Z

Reserved: 2026-03-31T10:18:25.536Z

Link: CVE-2026-5210

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-03-31T19:16:29.597

Modified: 2026-03-31T19:16:29.597

Link: CVE-2026-5210

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:37:27Z

Weaknesses