- **Vulnerability ID:** VDB-344591 (CVE-2026-2009)
- **Affected Product:** SourceCodester Gas Agency Management System 1.0
- **Vulnerability Type:** Access Control
- **CVSS Score:** 5.7
- **Exploit Price Range:** $0-$5k
- **CTI Interest Score:** 3.12
- **Summary:**
  - A critical vulnerability was found in SourceCodester Gas Agency Management System 1.0.
  - The vulnerability is due to improper access control in the createUser.php file.
  - The vulnerability can be exploited remotely and an exploit is publicly available.
- **Details:**
  - The issue impacts confidentiality, integrity, and availability.
  - The vulnerability can be mitigated by addressing CWE-284 (Improper Access Control).
  - The product does not properly restrict access from an unauthorized actor.
  - An exploit proof-of-concept is available on GitHub.
  - The vulnerability identifier is CVE-2026-2009 and is classified as critical according to the MITRE ATT&CK framework (T1068 technique).