Description
Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.php.
Published: 2026-04-13
Score: 2.7 Low
EPSS: n/a
KEV: No
Impact: Remote SQL Injection affecting data confidentiality and integrity
Action: Immediate Patch
AI Analysis

Impact

The Basic Library System version 1.0 includes a SQL injection flaw in the file load_book.php. The flaw allows an attacker to inject arbitrary SQL through user-controlled input, potentially leading to unauthorized data disclosure, modification, or destruction. The weakness resides in improper input handling and dynamic query construction, identified as a typical SQL injection weakness.

Affected Systems

The vulnerability affects Sourcecodester Basic Library System v1.0, specifically the web endpoint /librarysystem/load_book.php. Users deploying this version of the system are directly exposed to the flaw.

Risk and Exploitability

At the time this analysis was generated, no CVSS or EPSS score was publicly available, but the nature of SQL injection indicates a high potential impact. The likely attack vector is a remote HTTP request to the load_book.php script with crafted parameters. Without additional safeguards, an attacker could gain full read/write access to the underlying database. The vulnerability is not listed in KEV, so the exploit probability is currently uncertain, but the inherent risk warrants immediate attention. The CVSS 3.1 vector added to the record later the same day (see History) is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N, scored 2.7 Low.

Generated by OpenCVE AI on April 13, 2026 at 13:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any official patch or upgrade for Sourcecodester Basic Library System to eliminate the vulnerable code



Advisories

No advisories yet.

History

Mon, 13 Apr 2026 21:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added:
  cvssV3_1: {'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 13 Apr 2026 14:30:00 +0000

Type: Title
Values Removed: (none)
Values Added: SQL Injection Vulnerability in Sourcecodester Basic Library System

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-20, CWE-89

Mon, 13 Apr 2026 12:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.php.
References


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-13T20:43:49.914Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36872

Vulnrichment

Updated: 2026-04-13T20:43:46.554Z

NVD

Status: Undergoing Analysis

Published: 2026-04-13T13:16:41.437

Modified: 2026-04-13T21:16:26.490

Link: CVE-2026-36872

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T14:27:02Z

Weaknesses