Description
Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.php.
Published: 2026-04-13
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Data Access via SQL Injection
Action: Patch Immediately
AI Analysis

Impact

The Basic Library System version 1.0 contains a SQL Injection flaw in the /librarysystem/load_book.php endpoint. The vulnerability allows an attacker to manipulate the SQL query executed against the database, potentially retrieving or modifying sensitive data. This weakness is classified as CWE-89 and does not require elevated privileges to exploit. Based on the description, it is inferred that an attacker could supply crafted input through the endpoint URL or form fields, resulting in unauthorized database access.

Affected Systems

The affected product is the Basic Library System authored by Razormist, version 1.0. No other vendors or versions are identified in the available data.

Risk and Exploitability

The CVSS base score of 2.7 places the issue in the low to moderate severity range, and an EPSS score of less than 1% indicates that exploitation is currently uncommon. The vulnerability is not listed in the CISA KEV catalog, suggesting no known active exploitation. The likely attack vector involves sending crafted input to the load_book.php page, and exploitation is possible as long as the input is not properly sanitized or parameterized. Based on the description, it is inferred that the flaw remains exploitable in the current configuration.

Generated by OpenCVE AI on April 14, 2026 at 19:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Patch or upgrade to a version where the SQL injection is fixed
  • Sanitize all user-supplied input before including it in database queries
  • Rewrite the database access code to use prepared statements or parameterized queries
  • Validate inputs to block characters commonly used in SQL injection attempts

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Title SQL Injection Vulnerability in Basic Library System Load Book Endpoint

Tue, 14 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Razormist
Razormist basic Library System
CPEs cpe:2.3:a:razormist:basic_library_system:1.0:*:*:*:*:*:*:*
Vendors & Products Razormist
Razormist basic Library System

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title SQL Injection Vulnerability in Sourcecodester Basic Library System
Weaknesses CWE-20

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester basic Library System
Vendors & Products Sourcecodester
Sourcecodester basic Library System

Mon, 13 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title SQL Injection Vulnerability in Sourcecodester Basic Library System
Weaknesses CWE-20
CWE-89

Mon, 13 Apr 2026 12:45:00 +0000

Type Values Removed Values Added
Description Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.php.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-13T20:43:49.914Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36872

Vulnrichment

Updated: 2026-04-13T20:43:46.554Z

NVD

Status: Analyzed

Published: 2026-04-13T13:16:41.437

Modified: 2026-04-14T17:42:25.443

Link: CVE-2026-36872

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T15:45:07Z

Weaknesses