VYPR
Medium severity 6.3 · NVD Advisory · Published Jun 8, 2026

CVE-2026-11519

Description

SourceCodester Inventory System 1.0 has an improper authorization vulnerability in users_handler.php allowing remote attackers to manipulate user roles.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A security flaw exists in SourceCodester Inventory System 1.0 within the Account Creation Handler component, specifically in the file /Product_Inventory/api/users_handler.php. Manipulating the ROLE argument leads to improper authorization. This issue affects version 1.0 of the software.

Exploitation

An attacker can exploit this vulnerability remotely by manipulating the ROLE argument in the /Product_Inventory/api/users_handler.php file. No specific authentication or user interaction requirements are mentioned in the available references, suggesting it might be accessible without prior privileges.

Impact

Successful exploitation of this vulnerability results in improper authorization, which could allow an attacker to gain elevated privileges or perform actions they are not normally permitted to perform. The exact scope and consequences of this improper authorization are not detailed in the provided references.

Mitigation

No specific mitigation or patched version information is available in the provided references. The exploit has been publicly released, indicating a potential risk for unpatched installations.

AI Insight generated on Jun 8, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
