Description
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/view_service.php.
Published: 2026-04-13
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Data Access
Action: Apply Patch
AI Analysis

Impact

The vulnerability resides in the file /rsms/admin/services/view_service.php of the Computer and Mobile Repair Shop Management System version 1.0. An attacker can inject arbitrary SQL through input parameters, allowing the execution of unauthorized queries. This can lead to unauthorized data retrieval, modification, or deletion of sensitive business information such as service records, customer details, or financial data. The weakness is identified as SQL Injection (CWE‑89).

Affected Systems

The affected product is the Sourcecodester Computer and Mobile Repair Shop Management System, version 1.0, deployed as a PHP web application on a web server. No official vendor is listed, and the product appears to be community‑produced. Systems running this version with the view_service.php file exposed to unauthenticated or weakly authenticated users are at risk.

Risk and Exploitability

The CVSS score of 2.7 indicates a low severity, and an EPSS score below 1% suggests the vulnerability is unlikely to be widely exploited in the near term. It is not listed in the CISA KEV catalog. The likely attack vector is through the web interface, where an attacker submits a specially crafted request to the view_service.php script. No official patch or workaround is documented, so the vulnerability remains exploitable until the application is updated or input handling is hardened.

Generated by OpenCVE AI on April 14, 2026 at 18:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the application to the latest version if one is available.
  • Validate and sanitize all user input that is incorporated into SQL queries, particularly the parameters used in view_service.php.
  • Use prepared statements or parameterized queries to prevent direct inclusion of user input in SQL statements.
  • Restrict access to administrative pages to authenticated and authorized users, and consider limiting access to trusted IP ranges.
  • Monitor application logs for suspicious SQL activity and apply web application firewall rules to block malformed queries.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Title SQL Injection in Computer and Mobile Repair Shop Management System v1.0

Tue, 14 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Oretnom23
Oretnom23 computer And Mobile Repair Shop Management System
CPEs cpe:2.3:a:oretnom23:computer_and_mobile_repair_shop_management_system:1.0:*:*:*:*:*:*:*
Vendors & Products Oretnom23
Oretnom23 computer And Mobile Repair Shop Management System

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title SQL Injection in Computer and Mobile Repair Shop Management System v1.0

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester computer And Mobile Repair Shop Management System
Vendors & Products Sourcecodester
Sourcecodester computer And Mobile Repair Shop Management System

Mon, 13 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 13 Apr 2026 13:45:00 +0000

Type Values Removed Values Added
Description Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/view_service.php.
References

Subscriptions

Oretnom23 Computer And Mobile Repair Shop Management System
Sourcecodester Computer And Mobile Repair Shop Management System
MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-13T20:26:01.343Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36947

Vulnrichment

Updated: 2026-04-13T20:25:57.810Z

NVD

Status: Analyzed

Published: 2026-04-13T14:16:14.007

Modified: 2026-04-14T17:43:58.490

Link: CVE-2026-36947

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T15:45:07Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')