SourceCodester Water Billing Management System User Management Endpoint Users.php save...

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in SourceCodester Water Billing Management System 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save of the component User Management Endpoint. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2026-10236

Source VulDB

Published Jun 1, 2026 at 07:30

Affected Product

Vendor SourceCodester

Product Water Billing Management System

Version 1.0

Affected Versions SourceCodester Water Billing Management System 1.0

CWE Classification

CWE-285 CWE-266

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in SourceCodester Water Billing Management System 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save of the component User Management Endpoint. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2026-06-01T07:30:10.116Z",
    "modified": "2026-06-01T07:30:10.116Z",
    "type": "cve",
    "title": "SourceCodester Water Billing Management System User Management Endpoint Users.php save improper authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/367515\nhttps://vuldb.com/vuln/367515/cti\nhttps://vuldb.com/cve/CVE-2026-10236\nhttps://vuldb.com/submit/823134\nhttps://github.com/renzortega1337/Security-Research-/blob/main/Unauthenticated%20Admin%20Creation%20in%20PHP%20System.md\nhttps://www.sourcecodester.com/",
    "id": "CVE-2026-10236",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "SourceCodester Water Billing Management System 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Water Billing Management System",
    "version": "1.0",
    "vendor": "SourceCodester",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

SourceCodester Water Billing Management System User Management Endpoint Users.php save improper authorization_CVE-2026-10236