NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-31070

Summary	The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body
Publication Date	May 20, 2026, 1:16 a.m.
Registration Date	May 20, 2026, 4:13 a.m.
Last Update	May 20, 2026, 3:04 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://gist.github.com/nedlir/22bf6d1a3a07209be3e343744bc81d51	cve@mitre.org
2	https://github.com/LalanaChami/Pharmacy-Mangment-System/blob/5c3d02888631166649856f71d542387114b3010b/backend/routes/user.js#L16	cve@mitre.org

Common Vulnerabilities List