Description
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/manage_repair.php.
Published: 2026-04-13
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: SQL injection leading to unauthorized database access
Action: Apply Patch
AI Analysis

Impact

The vulnerability is located in the file /rsms/admin/repairs/manage_repair.php of Sourcecodester Computer and Mobile Repair Shop Management System version 1.0. The application concatenates user input directly into a SQL query, creating a SQL injection flaw. It is inferred that an attacker who can submit crafted input to the vulnerable page could alter the SQL statement, potentially reading, modifying, or deleting data in the database, thereby compromising the integrity and confidentiality of the system’s stored information.

Affected Systems

The vulnerable product is Sourcecodester Computer and Mobile Repair Shop Management System version 1.0. No other vendors, products or versions are explicitly listed in the public data.

Risk and Exploitability

The CVSS score of 2.7 indicates a low severity risk. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited exploitation activity. Based on the description, it is inferred that the attack vector is a web-based request to the exposed PHP page, where unsanitized input is used in a database query.

Generated by OpenCVE AI on April 13, 2026 at 23:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify whether a vendor patch or newer release addressing the SQL injection in /rsms/admin/repairs/manage_repair.php is available and apply it immediately.
  • If no patch exists, modify the code to use parameterized queries or prepared statements for all database interactions in the vulnerable file.
  • Restrict access to the administrative interface to trusted users only and enforce strong authentication controls.
  • Deploy a web application firewall or similar filtering mechanism to detect and block suspicious SQL injection payloads.
  • Monitor application and database logs for abnormal query activity and periodically verify database integrity.



Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

Type | Values Removed | Values Added
Title | | SQL Injection Vulnerability in Sourcecodester Repair Shop Management System v1.0

Tue, 14 Apr 2026 16:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Sourcecodester; Sourcecodester computer And Mobile Repair Shop Management System
Vendors & Products | | Sourcecodester; Sourcecodester computer And Mobile Repair Shop Management System

Mon, 13 Apr 2026 21:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-89
Metrics | | cvssV3_1: {'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 13 Apr 2026 14:30:00 +0000

Type | Values Removed | Values Added
Description | | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/manage_repair.php.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-13T20:23:13.859Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36943

Vulnrichment

Updated: 2026-04-13T20:23:01.563Z

NVD

Status: Deferred

Published: 2026-04-13T15:17:34.410

Modified: 2026-06-17T10:41:24.353

Link: CVE-2026-36943

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:35:55Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')