Vulnerabilities

CVE-2026-31070

by Fred · 19/05/2026

The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body

More information : https://gist.github.com/nedlir/22bf6d1a3a07209be3e343744bc81d51

Similar

Tags: Cybersecurity Alert