Description
Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view_category.php.
Published: 2026-04-13
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized database access
Action: Immediate Patch
AI Analysis

Impact

A classic SQL injection flaw exists in the file /cms/admin/categories/view_category.php of the Sourcecodester Cab Management System version 1.0. This weakness allows an attacker to inject arbitrary SQL statements, potentially enabling read, modify, or delete operations on the underlying database. The impact is a compromise of the confidentiality and integrity of sensitive data stored by the application, such as cab bookings, customer records, and financial information. The vulnerability is identified as CWE‑89.

Affected Systems

The only product explicitly affected is the Sourcecodester Cab Management System, version 1.0. No other vendors or products are listed as impacted.

Risk and Exploitability

The CVSS score of 2.7 suggests a low‑to‑moderate severity, and the EPSS score of less than 1% indicates a low projected likelihood of exploitation. The flaw is not included in the CISA KEV list. The attack vector is inferred to be remote, via the web interface exposed by the application. Since the flaw arises from unsanitized user input in a publicly accessible PHP script, an attacker with network access to the webserver can exploit it without additional credentials.

Generated by OpenCVE AI on April 14, 2026 at 18:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Replace unsanitized input with parameterized queries or prepared statements in view_category.php
  • Apply strong input validation and escaping to all user‑controlled data
  • Update to a newer or patched version of the Cab Management System if available
  • Limit web access to the admin directory using authentication or IP restriction
  • Monitor application logs for suspicious query activity

Generated by OpenCVE AI on April 14, 2026 at 18:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Title SQL Injection Vulnerability in Sourcecodester Cab Management System 1.0

Tue, 14 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Oretnom23
Oretnom23 cab Management System
CPEs cpe:2.3:a:oretnom23:cab_management_system:1.0:*:*:*:*:*:*:*
Vendors & Products Oretnom23
Oretnom23 cab Management System

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester cab Management System
Vendors & Products Sourcecodester
Sourcecodester cab Management System

Mon, 13 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Description Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view_category.php.
References

Subscriptions

Oretnom23 Cab Management System
Sourcecodester Cab Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-13T20:37:43.698Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36922

cve-icon Vulnrichment

Updated: 2026-04-13T20:30:34.607Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-13T13:16:42.000

Modified: 2026-04-14T17:43:16.407

Link: CVE-2026-36922

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T15:45:07Z

Weaknesses