Vulnerabilities ›

CVE-2026-5210

High

A vulnerability was detected in SourceCodester Leave Application System 1.0. This affects an unknown part. Performing a manipulation of the argument page results in file inclusion. Remote exploitation

CWE-73 — Weakness Type

                    Published: Mar 31, 2026                      ·  Modified: Apr 7, 2026                      ·  Source: NVD                

CVSS v3

7.3

🔗 NVD Official

📄 Description (English)

🤖 AI Executive Summary

CVE-2026-5210 is a high-severity remote file inclusion vulnerability in SourceCodester Leave Application System 1.0 that allows unauthenticated attackers to manipulate the 'page' parameter to include arbitrary files. With a CVSS score of 7.3 and public exploit availability, this poses an immediate risk to organizations using this system. No patch is currently available, requiring immediate compensating controls and system isolation.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 7, 2026 04:49

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily impacts Saudi government entities, educational institutions, and medium-sized enterprises using SourceCodester Leave Application System for HR management. Government agencies under NCA oversight and organizations subject to SAMA regulations face significant risk if this system manages sensitive employee data or integrates with critical infrastructure. The file inclusion vulnerability could lead to unauthorized access to configuration files, database credentials, and sensitive HR records containing personal information of Saudi nationals.

🏢 Affected Saudi Sectors

Government (NCA-regulated entities) Banking and Financial Services (SAMA-regulated) Healthcare Education Energy and Utilities Telecommunications Medium-sized Enterprises with HR operations

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1083 - File and Directory Discovery T1005 - Data from Local System T1040 - Traffic Sniffing T1021 - Remote Service Session Initiation T1567 - Exfiltration Over Web Service T1105 - Ingress Tool Transfer

⚖️ Saudi Risk Score (AI)

8.2

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Audit all instances of SourceCodester Leave Application System 1.0 in your environment and document their locations and data sensitivity

2. Isolate affected systems from production networks or restrict access to trusted internal networks only

3. Implement Web Application Firewall (WAF) rules to block requests containing suspicious 'page' parameter values (e.g., ../, /etc/passwd, file://, php://)

4. Enable comprehensive logging of all HTTP requests to the application, particularly those with 'page' parameter manipulation



COMPENSATING CONTROLS:

5. Implement input validation at the WAF level: whitelist only expected page values and reject any containing path traversal sequences

6. Apply principle of least privilege to application service accounts

7. Disable PHP wrappers (php://, file://, etc.) at the server level if possible

8. Implement network segmentation to limit lateral movement if compromise occurs



DETECTION RULES:

9. Monitor for HTTP requests with patterns: page=../, page=%2e%2e/, page=../../../../, page=/etc/passwd, page=php://

10. Alert on any file inclusion attempts in application logs

11. Track failed authentication attempts and unusual file access patterns



LONG-TERM:

12. Evaluate alternative leave management systems with active security support

13. Plan migration away from SourceCodester Leave Application System 1.0

14. Conduct security assessment of any custom modifications to the application

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. قم بمراجعة جميع نسخ نظام إدارة الإجازات من SourceCodester الإصدار 1.0 في بيئتك وتوثيق مواقعها وحساسية البيانات

2. عزل الأنظمة المتأثرة عن شبكات الإنتاج أو تقييد الوصول إلى الشبكات الداخلية الموثوقة فقط

3. تطبيق قواعد جدار حماية تطبيقات الويب لحجب الطلبات التي تحتوي على قيم معاملات 'page' مريبة

4. تفعيل تسجيل شامل لجميع طلبات HTTP للتطبيق، خاصة تلك التي تتضمن معالجة معاملات 'page'

الضوابط التعويضية:

5. تطبيق التحقق من صحة المدخلات على مستوى جدار الحماية: قائمة بيضاء بقيم الصفحات المتوقعة فقط

6. تطبيق مبدأ أقل امتياز على حسابات خدمة التطبيق

7. تعطيل أغلفة PHP على مستوى الخادم إن أمكن

8. تطبيق تقسيم الشبكة لتحديد الحركة الجانبية

قواعد الكشف:

9. مراقبة طلبات HTTP التي تحتوي على أنماط مريبة في معامل 'page'

10. تنبيهات محاولات تضمين الملفات

11. تتبع محاولات المصادقة الفاشلة والأنماط غير العادية للوصول إلى الملفات

المدى الطويل:

12. تقييم أنظمة إدارة الإجازات البديلة

13. التخطيط للهجرة بعيداً عن النظام

14. إجراء تقييم أمان لأي تعديلات مخصصة

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.1.1 - Information Security Policies (incident response for vulnerable systems) A.5.2.1 - Access Control (restrict access to vulnerable application) A.5.3.1 - Cryptography (protect sensitive data if exposed) A.5.4.1 - Physical and Environmental Security (network isolation) A.5.5.1 - Operations Security (monitoring and logging) A.5.6.1 - Communications Security (WAF implementation)

🔵 SAMA CSF

Governance & Risk Management - Risk Assessment and Management Information & Cybersecurity - Access Control and Authentication Information & Cybersecurity - Data Protection and Privacy Operational Resilience - Incident Management and Response Operational Resilience - Monitoring and Logging

🟡 ISO 27001:2022

A.5.1.1 - Policies for information security A.5.2.1 - Information security roles and responsibilities A.5.3.1 - Segregation of duties A.6.1.1 - Screening A.6.2.1 - Terms and conditions of employment A.7.1.1 - Physical entry A.8.1.1 - User endpoint devices A.8.2.1 - Privileged access rights A.8.3.1 - Information access restriction A.8.3.2 - Access to networks and network services A.8.3.3 - Access control A.8.3.4 - Other access control considerations A.8.3.5 - Access control for special requirements of information systems A.8.3.6 - Removal or adjustment of access rights A.8.3.7 - Temporary and emergency access A.8.3.8 - User authentication information A.8.3.9 - Cryptographic controls A.8.3.10 - Cryptographic key management A.8.3.11 - Use of cryptography A.8.3.12 - Change of cryptographic keys A.8.3.13 - Availability and resilience A.8.3.14 - Redundancy of information and communication facilities A.8.3.15 - Redundancy of ICT facilities A.8.3.16 - Back-up A.8.3.17 - Redundancy of ICT and facilities A.8.3.18 - ICT readiness for business continuity A.8.3.19 - ICT continuity planning A.8.3.20 - Information security incident management A.8.3.21 - Assessment of information security incidents and deciding on the response to information security incidents A.8.3.22 - Response to information security incidents A.8.3.23 - Learning from information security incidents A.8.3.24 - Collection of evidence A.8.3.25 - Response to information security incidents A.8.3.26 - Business continuity management A.8.3.27 - ICT business continuity A.8.3.28 - Information security aspects of business continuity management A.8.3.29 - ICT readiness for business continuity A.8.3.30 - Testing, maintaining and re-assessing business continuity plans A.8.3.31 - Identification of information security requirements A.8.3.32 - Design and implementation of information security in ICT projects A.8.3.33 - Information security requirements for ICT projects A.8.3.34 - Secure development policy A.8.3.35 - Information security requirements for development and support processes A.8.3.36 - Change management A.8.3.37 - Test information A.8.3.38 - Protection of information systems test facilities A.8.3.39 - Access control for program source code A.8.3.40 - Information security in development and support environments A.8.3.41 - Segregation of development, test and production environments A.8.3.42 - Change management A.8.3.43 - Restrictions on changes to software packages A.8.3.44 - Information security aspects of supplier relationships A.8.3.45 - Information security policy for supplier relationships A.8.3.46 - Addressing information security within supplier agreements A.8.3.47 - Information and communication technology supply chain A.8.3.48 - Monitoring, review and change management of supplier services A.8.3.49 - Information security incident management A.8.3.50 - Readiness to respond to information security incidents A.8.3.51 - Assessment of information security incidents and deciding on the response to information security incidents A.8.3.52 - Response to information security incidents A.8.3.53 - Learning from information security incidents A.8.3.54 - Collection of evidence

🟣 PCI DSS v4.0.1

Requirement 1 - Install and maintain a firewall configuration (WAF implementation) Requirement 2 - Do not use vendor-supplied defaults (disable unnecessary features) Requirement 6 - Develop and maintain secure systems and applications (patch management) Requirement 10 - Track and monitor all access to network resources (logging and monitoring)

🔗 References & Sources 5

🔗

https://medium.com/@hemantrajbhati5555/local-file-inclusion-lfi-in-leave-application-sy...

cna@vuldb.com

🔗

https://vuldb.com/submit/780419

cna@vuldb.com

🔗

https://vuldb.com/vuln/354346

cna@vuldb.com

🔗

https://vuldb.com/vuln/354346/cti

cna@vuldb.com

🔗

https://www.sourcecodester.com/

cna@vuldb.com

📊 CVSS Score

7.3

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity High

CVSS Score7.3

CWECWE-73

EPSS0.04%

Exploit No

Patch ✗ No

Published 2026-03-31

Source Feed nvd

🇸🇦 Saudi Risk Score

8.2

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

CWE-73

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-5210

💬 Comments

Introduce Yourself

Sign In Required