CVE-2026-11519

A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ProductInventory/api/usershandler.php of the component Account Creation Handler. The manipulation of the argument ROLE results in improper...

CVE-2026-11519 SourceCodester Inventory System Account Creation users_handler.php improper authorization

A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ProductInventory/api/usershandler.php of the component Account Creation Handler. The manipulation of the argument ROLE results in improper...

EUVD-2026-35069

A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ProductInventory/api/usershandler.php of the component Account Creation Handler. The manipulation of the argument ROLE results in improper...

CVE-2026-11519 SourceCodester Inventory System Account Creation users_handler.php improper authorization

A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ProductInventory/api/usershandler.php of the component Account Creation Handler. The manipulation of the argument ROLE results in improper...

SourceCodester Inventory System 安全漏洞

The SourceCodester Inventory System is an open-source inventory system developed by SourceCodester. Version 1.0 of the SourceCodester Inventory System contains a security vulnerability. This vulnerability stems from the operation of the ROLE parameter in the Account Creation Handler component...

PT-2026-47293

Name of the Vulnerable Software and Affected Versions SourceCodester Inventory System version 1.0 Description An improper authorization issue exists in the Account Creation Handler component within the file '/Product Inventory/api/users handler.php'. A remote attacker can manipulate the ROLE...

CVE-2026-5118

The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured...

CVE-2026-39327

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles ManageGroups can inject arbitrary SQL statements through the NewRole...

CVE-2026-10227

A vulnerability has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file addusercheck.php of the component User Creation Handler. The manipulation of the argument role leads to sql injectio...

CVE-2026-10227

A vulnerability has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file addusercheck.php of the component User Creation Handler. The manipulation of the argument role leads to sql injectio...

CVE-2026-10227

A vulnerability has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file addusercheck.php of the component User Creation Handler. The manipulation of the argument role leads to sql injectio...

CVE-2026-10227

CVE-2026-10227 affects the project “raisulislamg4 student_management_system_by_php” (unknown version range) via an SQL injection in an argument within add_user_check.php of the User Creation Handler. According to the description, manipulating the role parameter enables remote exploitation, and th...

PT-2026-45271

A vulnerability has been found in raisulislamg4 student management system by php up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file add user check.php of the component User Creation Handler. The manipulation of the argument role leads to sql...

student_management_system_by_php SQL注入漏洞

studentmanagementsystembyphp is a student information management tool developed by Raisul Islam, based on PHP. studentmanagementsystembyphp has a SQL injection vulnerability, which stems from the incorrect handling of the 'role' parameter in the User Creation Handler component of the...

School Student Management System 授权问题漏洞

School Student Management System is an open-source tool developed by Binary Brains for managing school student information. The School Student Management System has a vulnerability related to authorization. This vulnerability stems from the parameter role in the function signauthcookie of the...

Invoice-System 授权问题漏洞

Invoice-System is an invoice management system development exercise tool by Sushmita Palikhe individual developer. Invoice-System a0a3faa16dee2621b231ae227333f5761607283b and prior versions have an authorization issue vulnerability that stems from a parameter role operation in the User Management...

EUVD-2026-31270

The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured...

CVE-2026-5118

CVE-2026-5118 affects Divi Form Builder for WordPress (

PT-2026-41943

Name of the Vulnerable Software and Affected Versions LalanaChami Pharmacy Management System version 5c3d028 Description Unauthenticated remote attackers can escalate privileges by self-assigning an administrative role during the registration process. This occurs because the '/api/user/signup'...

CVE-2026-31070

The LalanaChami Pharmacy Management System commit 5c3d028 allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body...