Description
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_category.php.
Published: 2026-04-16
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Data Breach
Action: Assess Impact
AI Analysis

Impact

The vulnerability permits injection of arbitrary SQL commands via the manage_category.php script in the Vehicle Parking Area Management System. Based on the description, it is inferred that this flaw might permit unauthorized read, update, or deletion of data stored in the underlying database, potentially compromising confidentiality and integrity of the parking records.

Affected Systems

SourceCodester Vehicle Parking Area Management System, version 1.0. The only affected file is parking/manage_category.php.

Risk and Exploitability

The CVSS score is 7.2, classifying the severity as high. The EPSS score is < 1%, indicating a low current likelihood of exploitation. Based on the description, it is inferred that the injection is reachable via a standard HTTP request to the vulnerable PHP page, meaning that users with web access could potentially exploit it if the system is exposed to the internet. The vulnerability is not listed in CISA's KEV catalog. Without an official patch, the risk persists until mitigated.

Generated by OpenCVE AI on April 18, 2026 at 20:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑provided patch or update to a newer version where the SQL injection is fixed.
  • Refactor the manage_category.php code to use prepared statements with parameterized queries and properly escape inputs.
  • Enforce strict authentication and restrict access to the management interface to authorized administrators only.

Generated by OpenCVE AI on April 18, 2026 at 20:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 21:00:00 +0000

Type Values Removed Values Added
Title SQL Injection Vulnerability in Vehicle Parking Area Management System

Sat, 18 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
Title SQL Injection in Vehicle Parking Area Management System
Weaknesses CWE-20

Sat, 18 Apr 2026 03:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 17 Apr 2026 05:15:00 +0000

Type Values Removed Values Added
Title SQL Injection in Vehicle Parking Area Management System
Weaknesses CWE-20
CWE-89

Thu, 16 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester vehicle Parking Area Management System
Vendors & Products Sourcecodester
Sourcecodester vehicle Parking Area Management System

Thu, 16 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Description SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_category.php.
References

Subscriptions

Sourcecodester Vehicle Parking Area Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-18T02:16:24.628Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37341

cve-icon Vulnrichment

Updated: 2026-04-18T02:16:08.259Z

cve-icon NVD

Status : Deferred

Published: 2026-04-16T15:17:37.007

Modified: 2026-04-18T03:16:12.573

Link: CVE-2026-37341

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T20:45:05Z

Weaknesses