Description
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/view_details.php.
Published: 2026-04-13
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized database access via SQL injection
Action: Patch
AI Analysis

Impact

The vulnerability originates from unsanitized input handling in the view_details.php file, allowing an attacker to inject arbitrary SQL. This flaw can let the attacker read, modify, or delete database records, leading to loss of data integrity and confidentiality.

Affected Systems

The affected product is Sourcecodester Computer and Mobile Repair Shop Management System, version 1.0. Only this version is mentioned as vulnerable.

Risk and Exploitability

The CVSS score is 2.7 (Low). EPSS is below 1% (Very Low) and the issue is not listed in KEV, suggesting it is not widely exploited yet. The flaw is exploitable through the web interface, and the CVSS vector (AV:N, PR:H) indicates that a network attacker needs high privileges, consistent with the endpoint sitting in the admin area. Without mitigation, an attacker could manipulate the database through the vulnerable endpoint.

Generated by OpenCVE AI on April 13, 2026 at 22:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest official patch from Sourcecodester to version 1.0 or newer
  • If no patch is available, modify view_details.php to use parameterized queries or escape input to prevent SQL injection
  • Restrict access to the admin section to trusted users and enforce strong authentication
  • Configure a web application firewall to block suspicious SQL patterns
  • Run a vulnerability scan to confirm the patch or mitigation is effective

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title SQL Injection in Sourcecodester Computer and Mobile Repair Shop Management System v1.0

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester computer And Mobile Repair Shop Management System
Vendors & Products Sourcecodester
Sourcecodester computer And Mobile Repair Shop Management System

Mon, 13 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Description Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/view_details.php.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-13T20:22:39.894Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36944

Vulnrichment

Updated: 2026-04-13T20:22:36.748Z

NVD

Status: Deferred

Published: 2026-04-13T15:17:34.537

Modified: 2026-06-17T10:41:24.503

Link: CVE-2026-36944

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:35:54Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')