Description
Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php.
Published: 2026-04-13
Score: 2.7 Low
EPSS: n/a
KEV: No
Impact: SQL injection that can allow attackers to read, modify, or delete data
Action: Apply Fix
AI Analysis

Impact

The flaw is a classic SQL injection in the load_admin.php endpoint of Sourcecodester Basic Library System v1.0. Because user input is incorporated into database queries without proper sanitization or parameterization, an attacker can inject arbitrary SQL statements. This could lead to unauthorized disclosure of sensitive data, alteration of library records, or even destruction of the underlying database. The vulnerability directly affects the confidentiality and integrity of the system, and may compromise availability if destructive queries are executed.

Affected Systems

This vulnerability impacts the open-source Sourcecodester Basic Library System at version 1.0. No vendor or product name is listed beyond the project itself, and the affected component is the load_admin.php file inside the /librarysystem directory. Users running this exact version in any environment are at risk, regardless of host configuration.

Risk and Exploitability

The risk is considered moderate to high because exploitation requires only network access to the vulnerable endpoint, making it remotely exploitable. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, but SQL injection is a well-understood weakness class with a clear attack path. Attackers who can send malicious input to the endpoint can gain full database control, making this a significant threat for any deployment of the affected version.

Generated by OpenCVE AI on April 13, 2026 at 13:21 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Update or patch the source code to use prepared statements or parameterized queries for all database interactions in load_admin.php
  • Apply input validation and sanitization to filter out malicious characters from user input
  • Deploy an application firewall or WAF rules that block common SQL injection patterns
  • Audit the database permissions to ensure that the database user has the least privilege needed for application operation
  • Monitor logs for unusual query patterns and investigate any suspicious activity promptly
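The first two recommendations above, prepared statements plus input validation, are illustrated below. This is an added example and not code from Basic Library System or from OpenCVE; the actual contents of load_admin.php are not shown on this page. It assumes a hypothetical GET parameter "id" and a hypothetical "admin" table with columns id, username and role, and uses PHP's PDO extension with native (non-emulated) prepared statements.

```php
<?php
// Added illustration (not code from Basic Library System): the unsafe pattern
// behind CWE-89 next to the prepared-statement fix recommended above.
// Assumptions (hypothetical): a GET parameter "id" and a table "admin" with
// columns id, username, role. The real load_admin.php may differ.

declare(strict_types=1);

// UNSAFE: request data is concatenated straight into the SQL text, so the
// value can change the structure of the query. This is the defect class
// (CWE-89) that the CVE describes.
function loadAdminUnsafe(PDO $db, string $id): array
{
    $sql = "SELECT id, username, role FROM admin WHERE id = '" . $id . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// SAFE: validate the shape of the input, then bind it as a typed parameter.
// The SQL text is fixed at prepare time; the bound value is only ever data.
function loadAdminSafe(PDO $db, string $id): array
{
    // Validation: an admin id is a positive integer (assumption for this example).
    if (!ctype_digit($id) || (int) $id <= 0) {
        throw new InvalidArgumentException('invalid admin id');
    }
    $stmt = $db->prepare('SELECT id, username, role FROM admin WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Connection setup: disable emulated prepares so the database server performs
// the parameter binding itself, and raise exceptions instead of failing silently.
function connect(string $dsn, string $user, string $pass): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// Usage with placeholder credentials. A read-only database account is enough
// for this query, in line with the least-privilege recommendation above.
$db = connect('mysql:host=127.0.0.1;dbname=librarysystem;charset=utf8mb4', 'library_ro', 'CHANGE_ME');

try {
    $rows = loadAdminSafe($db, $_GET['id'] ?? '');
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    exit;
}

header('Content-Type: application/json');
echo json_encode($rows);
```

Rejecting malformed input with a 400 before the query runs also gives the monitoring recommendation something concrete to watch: a burst of 400 responses on this endpoint is a cheap signal that someone is probing it, and the rejected values can be logged without ever reaching the database.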


Tracking


Advisories

No advisories yet.

History

Mon, 13 Apr 2026 21:15:00 +0000

Type      Values Removed   Values Added
Metrics   -                cvssV3_1: {'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}
                           ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 13 Apr 2026 14:30:00 +0000

Type         Values Removed   Values Added
Title        -                SQL Injection in Sourcecodester Basic Library System v1.0
Weaknesses   -                CWE-89

Mon, 13 Apr 2026 12:45:00 +0000

Type          Values Removed   Values Added
Description   -                Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php.
References

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-13T20:43:19.469Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36873

Vulnrichment

Updated: 2026-04-13T20:43:14.691Z

NVD

Status: Undergoing Analysis

Published: 2026-04-13T13:16:41.553

Modified: 2026-04-13T21:16:26.660

Link: CVE-2026-36873

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T14:27:01Z

Weaknesses