Zero Day Monitor (ZDM)
CVE-2026-5326
sourcecodester · leave application system

SourceCodester Leave Application System User Information index.php authorization

Description

A vulnerability was identified in SourceCodester Leave Application System 1.0. It affects an unknown function of the file /index.php?page=manage_user in the User Information Handler component. Manipulating the argument ID leads to authorization bypass. The attack can be executed remotely. The exploit is publicly available and might be used.

Affected Products

Vendor | Product | Versions
sourcecodester | leave application system | 1.0

References

  • https://vuldb.com/vuln/354657 (vdb-entry, technical-description)
  • https://vuldb.com/vuln/354657/cti (signature, permissions-required)
  • https://vuldb.com/submit/780773 (third-party-advisory)
  • https://medium.com/@hemantrajbhati5555/insecure-direct-object-reference-idor-in-leave-application-system-php-sqlite3-66af35b8b6ea (broken-link, exploit)
  • https://www.sourcecodester.com/ (product)

CVSS 3.1: 5.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA KEV: No
Actively exploited: No
CWE: CWE-639, CWE-285
Published: Apr 2, 2026
Last enriched: 2h ago
Trending Score: 0
Source articles: 0
Independent: 0
Info Completeness: 0/14
Missing: cve_id, title, description, vendor, product, versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

HIGH CVE-2026-30573
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice"
Trending: 25
MEDIUM CVE-2026-30526
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Zoo Management System v1.0. The vulnerability is located in the login page, specifically within the msg parameter. The app
Trending: 21
MEDIUM CVE-2026-30523
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack of proper input validation. The application allows administrators to define "Loan Plans" which deter
Trending: 21
MEDIUM CVE-2026-5330
SourceCodester/mayuri_k Best Courier Management System User Delete ajax.php access control
NONE CVE-2026-5325
SourceCodester Simple Customer Relationship Management System Create Ticket create-ticket.php cross site scripting

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Apr 2, 2026
Discovered by ZDM: Apr 2, 2026