Description
Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_student.php.
Published: 2026-04-13
Score: 2.7 Low
EPSS: n/a
KEV: No
Impact: Remote SQL Injection
Action: Patch Immediately
AI Analysis

Impact

The vulnerability allows an attacker to inject arbitrary SQL commands into the query executed by /librarysystem/load_student.php. This could enable unauthorized reading of student records, modification of data, or even deletion of the database, compromising the confidentiality, integrity, and availability of the system. The weakness is classified as SQL Injection (CWE-89).

Affected Systems

The affected application is Sourcecodester Basic Library System version 1.0, a web-based library management system. The specific file exposed is /librarysystem/load_student.php, which processes user input without proper sanitization. No additional vendor or product information is provided.

Risk and Exploitability

The CVSS score is not supplied, but the nature of SQL injection typically represents a high severity risk. Because the attack vector involves a web form or URL parameter, an external attacker can likely exploit the flaw remotely without needing privileged access. EPSS information is unavailable and the vulnerability is not listed in CISA's KEV catalog, so the likelihood of exploitation is uncertain, yet the potential impact warrants immediate attention.

Generated by OpenCVE AI on April 13, 2026 at 13:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patched release of Sourcecodester Basic Library System v1.0 if one is available.
  • If no patch is available, modify the application to use parameterized queries or stored procedures to eliminate unsanitized input.
  • Restrict the database account used by the application to the minimum privileges required for it to function, limiting the damage if injection succeeds.
  • Implement input validation to reject suspicious characters or patterns before they reach the database layer.
  • Enable logging and monitor for anomalous SQL activity that could indicate an ongoing attack.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 21:15:00 +0000

Type: Metrics
Values removed: none
Values added:
  cvssV3_1: {'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 14:30:00 +0000

Type: Title
Values removed: none
Values added: SQL Injection Vulnerability in Basic Library System v1.0

Type: Weaknesses
Values removed: none
Values added: CWE-89

Mon, 13 Apr 2026 12:45:00 +0000

Type: Description
Values removed: none
Values added: Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_student.php.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-13T20:42:54.500Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36874

Vulnrichment

Updated: 2026-04-13T20:42:51.672Z

NVD

Status : Undergoing Analysis

Published: 2026-04-13T13:16:41.673

Modified: 2026-04-13T21:16:26.833

Link: CVE-2026-36874

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T14:27:00Z

Weaknesses