Impact
The Sourcecodester Computer and Mobile Repair Shop Management System v1.0 contains a SQL injection flaw in the /rsms/admin/clients/manage_client.php script. The flaw allows an attacker to inject arbitrary SQL statements into database queries that the application executes. This can enable unauthorized viewing, modification or deletion of data stored in the backend database, compromising the confidentiality, integrity, and availability of customer and business information. The weakness is classified as CWE-89.
Affected Systems
Vulnerable systems are those running Sourcecodester’s Computer and Mobile Repair Shop Management System version 1.0. Any deployment that includes the manage_client.php page exposed via the web, especially within the administrative interface, is susceptible. No other versions or products were identified in the CVE entry.
Risk and Exploitability
The entry lists a CVSS base score of 2.7, indicating low overall severity. EPSS information is unavailable and the vulnerability is not recorded in the CISA KEV catalog. Based on the description, the likely attack vector is a web interface that accepts unsanitized input through the manage_client.php endpoint. If the attacker has access to the admin area, they could craft requests that inject malicious SQL; if not, the flaw may still be exploitable through publicly accessible parameters depending on configuration. Successful exploitation would allow an attacker to read, alter, or delete records in the application’s database, potentially exposing sensitive business data.