Vulnerability ID: VDB-344591(CVE-2026-2009) Affected Product: SourceCodester Gas Agency Management System 1.0 Vulnerability Type: Access Control CVSS Score: 5.7 Exploit Price Range: $0-$5k CTI Interest Score: 3.12 Summary: - A critical vulnerability was found in SourceCodester Gas Agency Management System 1.0. - The vulnerability is due to improper access control in the createUser.php file. - The vulnerability can be exploited remotely and an exploit is publicly available. Details: - The issue impacts confidentiality, integrity, and availability. - The vulnerability can be mitigated by addressing CWE-284 (Improper Access Control). - The product does not properly restrict access from an unauthorized actor. - An exploit proof-of-concept is available on GitHub. - The vulnerability identifier is CVE-2026-2009 and is classified as critical according to the MITRE ATT&CK framework (T1068 technique).