Impact
A classic SQL injection flaw exists in the /librarysystem/load_admin.php file of Sourcecodester Basic Library System v1.0, allowing an attacker to inject arbitrary SQL into queries that are directly executed by the database. This permits reading, modifying or deleting database contents, thereby compromising the confidentiality and integrity of the data stored in the system. The weakness is classified as CWE-89.
Affected Systems
The only affected product is Sourcecodester Basic Library System v1.0, developed by RazorMIST. Users running this exact version on a web server that exposes the librarysystem directory are vulnerable. No other versions or products are listed.
Risk and Exploitability
The CVSS score of 2.7 indicates low severity, and the EPSS score is under 1 percent, suggesting a low likelihood of exploitation. The flaw is not listed in the CISA KEV catalog. Attackers can target the vulnerable endpoint via standard web requests, potentially from any Internet-connected user; the description does not clearly define authentication requirements, so it is assumed that unauthenticated users may also exploit the vulnerability. Because this is a web-based vector, mitigation can rely on input validation or on restricting access to the endpoint, but the low exploitation probability means monitoring is acceptable until a patch is applied.
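The monitoring option mentioned above, sketched as an added example (not OpenCVE's or the vendor's code): a Python filter that flags access-log requests to /librarysystem/load_admin.php whose decoded query parameters contain SQL syntax. The combined log format, the marker list and the `id` parameter in the constructed sample lines are assumptions; the advisory does not name the injectable parameter.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

ENDPOINT = "/librarysystem/load_admin.php"  # path named in the advisory

# Apache/nginx combined log format (assumed): client IP, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Heuristic markers of SQL syntax in a parameter value (assumed rule set, tune locally).
SQL_MARKERS = re.compile(
    r"'|--|/\*|;|\b(?:union|select|sleep|benchmark|information_schema)\b"
    r"|\bor\b\s+\S+\s*=",
    re.IGNORECASE,
)

def suspicious_hits(lines):
    """Return (client_ip, param, status) for each request to ENDPOINT whose
    decoded query parameters contain SQL syntax."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        ip, _method, target, status = m.groups()
        url = urlsplit(target)
        # Decode the path so percent-encoded spellings of the file still match.
        if unquote(url.path) != ENDPOINT:
            continue
        # parse_qsl percent-decodes names and values, so encoded quotes are seen.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if SQL_MARKERS.search(value):
                hits.append((ip, name, int(status)))
                break  # one alert per request is enough
    return hits

# Constructed sample lines; the "id" parameter is hypothetical.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /librarysystem/load_admin.php?id=12 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /librarysystem/load_admin.php?id=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 4096',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /librarysystem/load_admin.php?id=1+UNION+SELECT+1 HTTP/1.1" 500 0',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /librarysystem/index.php?q=o%27brien HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, param, status in suspicious_hits(SAMPLE_LOG):
        print(f"{ip} sent SQL syntax in '{param}' (HTTP {status})")
```

Access logs normally record only the query string, so parameters sent in a POST body need request-body logging or a WAF rule to be visible to a check like this.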