CVE-2026-11519
MediumCVSS 6.3Summary
A security flaw has been discovered in SourceCodester Inventory System 1.0. The issue affects an unknown functionality of the file /Product_Inventory/api/users_handler.php, where manipulation of the argument ROLE results in improper authorization.
Risk Assessment
This vulnerability can be exploited remotely, posing a risk of unauthorized access to user accounts. The publicly available exploit increases the likelihood of attacks on the system.
Recommendation
It is recommended to immediately update the system to the latest version to eliminate this vulnerability. Additionally, monitor system logs for potential attack attempts.
Original NVD description (English source)
A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /Product_Inventory/api/users_handler.php of the component Account Creation Handler. The manipulation of the argument ROLE results in improper authorization. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

