9.8
CVE-2026-31070: LalanaChami Pharmacy Management System: Unauthorized Role Assignment
Summary
The LalanaChami Pharmacy Management System lets anyone grant themselves elevated privileges when registering an account. This could allow unauthorized users to access sensitive information or make changes they shouldn't be able to. To fix this, the developers should update the system to validate the role being assigned during the registration process.
Original title
The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/use...
Original description
The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body
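The flaw pattern described above, next to a hardened form, as an added example that is not code from the project. It is written as plain JavaScript functions; the field names other than `role`, the role names, and the `changeRole` helper are assumptions made for illustration.

```javascript
// Added example: not the project's code. Field and role names besides "role" are assumptions.
const SIGNUP_FIELDS = ["name", "email", "password"];            // assumed signup fields
const DEFAULT_ROLE = "user";                                     // hypothetical lowest role
const KNOWN_ROLES = new Set(["user", "pharmacist", "admin"]);    // hypothetical role set

// Pattern the advisory describes: the stored role comes straight from the request body.
function buildUserUnsafe(body) {
  return { name: body.name, email: body.email, password: body.password, role: body.role };
}

// Hardened signup: allowlist the fields, reject anything else, set the role server-side.
function buildUserSafe(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, status: 400, error: "body must be a JSON object" };
  }
  const unexpected = Object.keys(body).filter((k) => !SIGNUP_FIELDS.includes(k));
  if (unexpected.length > 0) {
    // Worth logging: a signup request that carries "role" is a probe for this bug.
    return { ok: false, status: 400, error: "unexpected fields: " + unexpected.join(", ") };
  }
  const user = { role: DEFAULT_ROLE };
  for (const field of SIGNUP_FIELDS) {
    if (typeof body[field] !== "string" || body[field].length === 0) {
      return { ok: false, status: 400, error: "missing or invalid " + field };
    }
    user[field] = body[field]; // password hashing before storage is omitted here
  }
  return { ok: true, status: 201, user };
}

// Role changes happen only through a separate operation gated on the caller's own role.
function changeRole(actor, target, newRole) {
  if (!actor || actor.role !== "admin") return { ok: false, status: 403 };
  if (!KNOWN_ROLES.has(newRole)) return { ok: false, status: 400 };
  return { ok: true, status: 200, user: { ...target, role: newRole } };
}

// Constructed sample request body, as a client would send it to the signup endpoint.
const sampleBody = { name: "Test", email: "t@example.test", password: "pw", role: "admin" };
console.log(buildUserUnsafe(sampleBody).role);
console.log(buildUserSafe(sampleBody));
```

Rejecting the request rather than silently dropping the extra field gives the server a log line to alert on.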
Vulnerability type
CWE-269
Improper Privilege Management
Published: 19 May 2026 · Updated: 28 May 2026 · First seen: 19 May 2026