CVEFinder.io

CVE-2026-31070

🔶 medium
🔍 Scan for this CVE
Summary

The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body

CVSS Score
-
EPSS Score
-
Published Date
2026-05-19
First Seen: 2026-05-20
Last Modified 2026-05-19
Source NVD 🔗

📦 Affected Products 0

No affected products information available

🔗 References 2

https://gist.github.com/nedlir/22bf6d1a3a07209be3e34...
https://github.com/LalanaChami/Pharmacy-Mangment-Sys...