CVE-2026-36946 - Vulnerability Details

Description

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view_details.php.

Published: 2026-04-13

Score: 2.7 Low

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Sourcecodester Computer and Mobile Repair Shop Management System version 1.0 contains an SQL injection flaw in the file /rsms/admin/inquiries/view_details.php. Unsanitized user input is directly incorporated into a database query, allowing an attacker to inject arbitrary SQL statements. The potential consequences for an attacker—including the ability to read or modify data—are not explicitly detailed by the advisory and are therefore inferred from the nature of SQL injection.

Affected Systems

The only documented affected product is the Sourcecodester Computer and Mobile Repair Shop Management System, version 1.0, as indicated by the CPE string provided.

Risk and Exploitability

The CVSS score of 2.7 indicates low severity, and the EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is not listed in CISA's KEV catalog. Based on the description, the likely attack path involves sending an HTTP request to /rsms/admin/inquiries/view_details.php. The advisory does not state whether authentication is required for this endpoint; this assumption is inferred from the limited information. These details are not directly documented in the advisory.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:oretnom23:computer_and_mobile_repair_shop_management_system:1.0:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Sourcecodester

Computer And Mobile Repair Shop Management System

80%

Version	Status	Scheme	Platform
`1.0`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply any vendor‑issued patch or upgrade to a fixed version if one exists.
Restrict access to /rsms/admin/inquiries/view_details.php so that only authenticated administrators can reach it.
Validate and sanitize all user input on that page, using parameterized queries where possible.
Enable database query logging to capture suspicious activity.
Regularly review logs for signs of attempted injection and investigate anomalies.

Generated by OpenCVE AI on April 14, 2026 at 20:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00011.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/computer-and-mobile-repair-shop-management-system/SQL-4.md

History

Wed, 15 Apr 2026 16:00:00 +0000

Type	Values Removed	Values Added
Title	SQL Injection in Sourcecodester Repair Shop Management System

Tue, 14 Apr 2026 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Oretnom23 Oretnom23 computer And Mobile Repair Shop Management System
CPEs		cpe:2.3:a:oretnom23:computer_and_mobile_repair_shop_management_system:1.0:::::::*
Vendors & Products		Oretnom23 Oretnom23 computer And Mobile Repair Shop Management System

Tue, 14 Apr 2026 16:45:00 +0000

Type	Values Removed	Values Added
Title		SQL Injection in Sourcecodester Repair Shop Management System
Weaknesses		CWE-89

Tue, 14 Apr 2026 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sourcecodester Sourcecodester computer And Mobile Repair Shop Management System
Vendors & Products		Sourcecodester Sourcecodester computer And Mobile Repair Shop Management System

Mon, 13 Apr 2026 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 13 Apr 2026 13:45:00 +0000

Type	Values Removed	Values Added
Description		Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view_details.php.
References		https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/computer-and-mobile-repair-shop-management-system/SQL-4.md

Subscriptions

Oretnom23 Computer And Mobile Repair Shop Management System

Sourcecodester Computer And Mobile Repair Shop Management System

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-04-13T00:00:00.000Z

Updated: 2026-05-10T13:20:31.470Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36946

Vulnrichment

Updated: 2026-04-13T20:26:29.949Z

NVD

Status : Modified

Published: 2026-04-13T14:16:13.883

Modified: 2026-05-10T14:16:50.183

Link: CVE-2026-36946

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T15:45:07Z

Weaknesses

CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object