Description
Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/view_booking.php.
Published: 2026-04-13
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection
Action: Patch System
AI Analysis

Impact

The vulnerability lies in the view_booking.php file of Sourcecodester Cab Management System 1.0, allowing unauthenticated or authorized users to inject arbitrary SQL commands into the database. Such injection could lead to unauthorized data exposure, modification, or deletion of booking records, potentially compromising customer privacy and financial integrity. This weakness is a classic example of improper input validation, tracked as CWE‑89.

Affected Systems

This issue affects the Cab Management System released by Sourcecodester, version 1.0. No other products or versions are listed as affected.

Risk and Exploitability

The CVSS base score of 2.7 indicates low severity, and the EPSS score of less than 1% suggests a very low probability of exploitation. The vulnerability is not recorded in CISA’s Known Exploited Vulnerabilities catalog. The likely attack vector is via the web interface, where an attacker submits a crafted request to the /cms/admin/bookings/view_booking.php endpoint. The description does not state explicit authentication requirements, so it is inferred that the attacker may need access to the admin web area, but the vulnerability itself does not require privileged credentials.

Generated by OpenCVE AI on April 14, 2026 at 18:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Replace or sanitize user input in view_booking.php using prepared statements or an ORM to prevent SQL injection.
  • Restrict access to the /cms/admin/bookings directory by enforcing proper authentication and role-based access control.
  • Apply any available patches or upgrades from Sourcecodester that address this issue. If no patch is available, consider removing the vulnerable page from public exposure or moving the administrative functions to a protected network tier.

Generated by OpenCVE AI on April 14, 2026 at 18:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Title SQL Injection in view_booking.php of Sourcecodester Cab Management System 1.0

Tue, 14 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Oretnom23
Oretnom23 cab Management System
CPEs cpe:2.3:a:oretnom23:cab_management_system:1.0:*:*:*:*:*:*:*
Vendors & Products Oretnom23
Oretnom23 cab Management System

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title SQL Injection in view_booking.php of Sourcecodester Cab Management System 1.0

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester cab Management System
Vendors & Products Sourcecodester
Sourcecodester cab Management System

Mon, 13 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Description Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/view_booking.php.
References

Subscriptions

Oretnom23 Cab Management System
Sourcecodester Cab Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-13T20:27:18.316Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36923

cve-icon Vulnrichment

Updated: 2026-04-13T20:27:14.981Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-13T13:16:42.107

Modified: 2026-04-14T17:43:23.620

Link: CVE-2026-36923

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T15:45:07Z

Weaknesses