CVE-2026-37341 - Vulnerability Details

Description

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_category.php.

Published: 2026-04-16

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability allows an attacker to inject arbitrary SQL commands through the manage_category.php script in the Vehicle Parking Area Management System. This flaw could enable unauthorized read, update, or deletion of data stored in the underlying database, compromising confidentiality and possibly integrity of the parking records.

Affected Systems

SourceCodester Vehicle Parking Area Management System, version 1.0. The only affected file is parking/manage_category.php.

Risk and Exploitability

No CVSS score or EPSS information is provided, so the precise severity cannot be quantified. Because the injection is reachable via a standard HTTP request to the vulnerable PHP page, attackers with web access may exploit it if the system is exposed to the internet. The vulnerability is not listed in CISA's KEV catalog. In the absence of an official patch, the risk remains until mitigated.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

Vendor Product Confidence Versions

Sourcecodester

Vehicle Parking Area Management System

80%

Version	Status	Scheme	Platform
`1.0`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply any vendor-provided patch or update to a newer version where the SQL injection is fixed.
Refactor the manage_category.php code to use prepared statements with parameterized queries and properly escape inputs.
Enforce strict authentication and restrict access to the management interface to authorized administrators only.

Generated by OpenCVE AI on April 17, 2026 at 04:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/mt-0505/cve-report/blob/main/sourcecodester/vehicle-parking-area-management-system/SQL-1.md

History

Fri, 17 Apr 2026 05:15:00 +0000

Type	Values Removed	Values Added
Title		SQL Injection in Vehicle Parking Area Management System
Weaknesses		CWE-20 CWE-89

Thu, 16 Apr 2026 19:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sourcecodester Sourcecodester vehicle Parking Area Management System
Vendors & Products		Sourcecodester Sourcecodester vehicle Parking Area Management System

Thu, 16 Apr 2026 15:15:00 +0000

Type	Values Removed	Values Added
Description		SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_category.php.
References		https://github.com/mt-0505/cve-report/blob/main/sourcecodester/vehicle-parking-area-management-system/SQL-1.md

Subscriptions

Sourcecodester Vehicle Parking Area Management System

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-04-16T00:00:00.000Z

Updated: 2026-04-16T14:49:44.408Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37341

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-16T15:17:37.007

Modified: 2026-04-16T15:17:37.007

Link: CVE-2026-37341

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T05:00:05Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object