CVE-2026-2009
📋 TL;DR
This vulnerability is an improper access control flaw in SourceCodester Gas Agency Management System 1.0: the /gasmark/php_action/createUser.php endpoint can be reached without an authenticated session, so a remote attacker can create users or escalate privileges through it and gain unauthorized access to the application. Only deployments of this software are affected.
💻 Affected Systems
- SourceCodester Gas Agency Management System
⚠️ Manual Verification Required
This CVE entry has no version range in our database, so automated detection cannot determine whether your system is affected.
Why? The description names release 1.0, but no affected-version ranges have been provided by the vendor or NVD.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers create administrative accounts, take full control of the system, and potentially compromise sensitive gas agency data including customer information and financial records.
Likely Case
Unauthorized users gain access to create accounts with elevated privileges, allowing data manipulation, unauthorized system access, and potential lateral movement within the network.
If Mitigated
With proper access controls (the endpoint denied at the web server or gated behind an authenticated administrator session) and network segmentation, impact can be confined to the single application instance, without lateral movement or data exfiltration.
🎯 Exploit Status
Exploit code is publicly available on GitHub, making this easily weaponizable by attackers with minimal technical skill.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: no dedicated advisory; vendor site: https://www.sourcecodester.com/
Restart Required: No
Instructions:
No official patch available. Consider removing or replacing the software entirely.
🔧 Temporary Workarounds
Restrict access to createUser.php
Block the vulnerable PHP file at the web server or with firewall rules. This also disables legitimate user creation through the application; if administrators still need it, allow only their source addresses instead of denying everyone.
# Apache: add to .htaccess (needs AllowOverride Limit or All for that directory)
<Files "createUser.php">
    # Apache 2.2 syntax; on 2.4 it only works if mod_access_compat is loaded
    Order Deny,Allow
    Deny from all
    # Apache 2.4 equivalent: replace the two lines above with
    # Require all denied
</Files>
# Nginx: add to the server block BEFORE the generic "location ~ \.php$" handler;
# the first matching regex location wins, so a later block would never be reached
location ~ /gasmark/php_action/createUser\.php$ {
    deny all;
    return 403;
}
Implement authentication middleware
Add an authenticated-administrator check before createUser.php does any work. The snippet uses $_SESSION['admin'] as an illustrative key: it must test whatever session variable the application's own login code sets for an administrator, otherwise real admins are locked out as well.
# Add at the top of createUser.php, immediately after the opening <?php tag
// Avoid a second session_start() notice if the application already started one
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}
// Illustrative key; replace with the variable the login code actually sets
if (!isset($_SESSION['admin']) || $_SESSION['admin'] !== true) {
    http_response_code(403);
    exit('Access denied');
}
🧯 If You Can't Patch
- Remove the software from production environments immediately.
- Isolate the system on a separate network segment with strict firewall rules limiting inbound/outbound traffic.
🔍 How to Verify
Check if Vulnerable:
Request /gasmark/php_action/createUser.php with no session cookie (a browser private window, or curl without -b). If the script executes and answers 200 (even an error message from the handler) instead of 403 or a redirect to the login page, there is no authentication gate in front of it.
Check Version:
Check the software version in the admin panel or the bundled readme files; the affected release is 1.0.
Verify Fix Applied:
Repeat the unauthenticated request: createUser.php must now return 403 Forbidden or redirect to the login page. Also confirm that an authenticated administrator can still create users, so the workaround has not simply broken the feature.
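The unauthenticated check above, scripted. This is an added example, not code from this page or from SourceCodester: it GETs the endpoint path named in this advisory with no cookies, refuses to follow redirects, and classifies the status code. The endpoint path is from the advisory; treating a redirect whose Location contains "login" as the login page, and the User-Agent string, are assumptions of the example.

```python
"""Unauthenticated probe for /gasmark/php_action/createUser.php.

Sends one request with no session cookie, refuses to follow redirects,
and classifies the response the way the verification steps describe.
"""
import sys
import urllib.error
import urllib.request

ENDPOINT = "/gasmark/php_action/createUser.php"   # path from the advisory
REDIRECT_CODES = (301, 302, 303, 307, 308)


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Return None so urllib raises HTTPError on a 3xx instead of following it."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def classify(status, location=None):
    """Map an unauthenticated response to a verdict.

    Assumption: a redirect whose target contains 'login' is the application
    bouncing the anonymous request to its login page.
    """
    if status == 403:
        return "mitigated: endpoint denied (403)"
    if status in REDIRECT_CODES:
        if location and "login" in location.lower():
            return "mitigated: redirected to login"
        return f"inconclusive: redirect to {location or '(no Location header)'}"
    if status == 404:
        return "not present: endpoint not found"
    if status == 200:
        # A 200 here (even an error text from the script) means the handler
        # executed with no session check in front of it.
        return "likely vulnerable: endpoint served without authentication"
    return f"inconclusive: HTTP {status}"


def probe(base_url, timeout=10):
    """GET the endpoint with no cookies and return classify()'s verdict."""
    url = base_url.rstrip("/") + ENDPOINT
    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(
        url, method="GET",
        headers={"User-Agent": "cve-2026-2009-check"},   # assumed, cosmetic
    )
    try:
        with opener.open(req, timeout=timeout) as resp:
            return classify(resp.status, resp.headers.get("Location"))
    except urllib.error.HTTPError as err:
        # 3xx (from NoRedirect), 403, 404 and 5xx all arrive here
        return classify(err.code, err.headers.get("Location"))


if __name__ == "__main__":
    base = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1"
    print(probe(base))
```

A GET is enough to test the gate: a correctly guarded script rejects anonymous requests before it looks at the method or the POST body. Run it once before and once after applying a workaround; the verdict should move from "likely vulnerable" to "mitigated".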
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /gasmark/php_action/createUser.php
- Multiple failed authentication attempts followed by successful createUser.php access
- New user accounts created from unexpected IP addresses
Network Indicators:
- HTTP POST requests to createUser.php endpoint without preceding login requests
- Traffic patterns showing user creation outside normal business hours
SIEM Query (pseudo-syntax; adapt to your platform's query language):
source="web_server" AND method="POST" AND (uri="/gasmark/php_action/createUser.php" OR uri LIKE "%/createUser.php") AND (response_code=200 OR response_code=302)
Legitimate administrator activity matches this too; reduce noise by excluding known admin source addresses, or by requiring that no login request from the same client precede the hit.
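The log indicators above turned into a check you can run over access logs. This is an added example, not part of the advisory: it parses Combined Log Format lines, records successful login POSTs per client IP, and flags any createUser.php hit answered with 200 or 302 that has no login from the same IP within a window or falls outside business hours. The login endpoint path, the 30-minute window, the rule that a 302 after a login POST means success, and the business-hours range are assumptions to adjust for the deployment; the sample log lines are constructed.

```python
"""Flag createUser.php hits that do not follow a login from the same client.

Expects Combined Log Format lines (Apache/nginx default). The login path,
the correlation window and the business-hours range are assumptions.
"""
import re
from datetime import datetime, timedelta

TARGET_SUFFIX = "/php_action/createUser.php"     # endpoint from the advisory
LOGIN_PATH = "/gasmark/php_action/login.php"     # assumption: where the login form posts
LOGIN_WINDOW = timedelta(minutes=30)             # assumption: max accepted session age
BUSINESS_HOURS = range(8, 18)                    # assumption: 08:00-17:59 in log timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path").split("?", 1)[0],   # drop the query string
        "status": int(m.group("status")),
    }


def find_suspicious(lines):
    """Return createUser.php hits (200/302) lacking a recent login or off-hours."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    last_login = {}   # ip -> timestamp of most recent successful login POST
    hits = []
    for e in events:
        # Assumption: a 302 after POSTing credentials is a successful login.
        if e["path"] == LOGIN_PATH and e["method"] == "POST" and e["status"] == 302:
            last_login[e["ip"]] = e["ts"]
            continue
        if not e["path"].endswith(TARGET_SUFFIX) or e["status"] not in (200, 302):
            continue
        reasons = []
        prior = last_login.get(e["ip"])
        if prior is None or e["ts"] - prior > LOGIN_WINDOW:
            reasons.append("no successful login from this IP within window")
        if e["ts"].hour not in BUSINESS_HOURS:
            reasons.append("outside business hours")
        if reasons:
            hits.append({**e, "reasons": reasons})
    return hits


# Constructed sample log (not real traffic); RFC 5737 documentation addresses.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2026:09:15:02 +0000] "GET /gasmark/login.php HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2026:09:15:10 +0000] "POST /gasmark/php_action/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2026:09:16:40 +0000] "POST /gasmark/php_action/createUser.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.77 - - [10/Mar/2026:03:41:55 +0000] "POST /gasmark/php_action/createUser.php HTTP/1.1" 200 57 "-" "python-requests/2.31"
198.51.100.77 - - [10/Mar/2026:03:42:01 +0000] "GET /gasmark/php_action/createUser.php?x=1 HTTP/1.1" 404 196 "-" "python-requests/2.31"
""".splitlines()


if __name__ == "__main__":
    for h in find_suspicious(SAMPLE_LOG):
        print(h["ts"].isoformat(), h["ip"], h["method"], h["status"],
              "; ".join(h["reasons"]))
```

On the sample, the administrator at 203.0.113.5 logged in 90 seconds before creating a user and is not flagged, while the 03:41 POST from 198.51.100.77 is flagged on both counts. Feed real logs with `find_suspicious(open(path))`; correlating on source IP is weak behind a NAT or proxy, so prefer the session cookie or X-Forwarded-For if your log format records them.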