Impact
The vulnerability resides in the file /parking/view_parked_details.php of SourceCodester Vehicle Parking Area Management System v1.0 and allows attackers to inject arbitrary SQL statements. Because input parameters reach the query without proper escaping or parameterization, a malicious user who manipulates them can execute statements such as SELECT, UPDATE, or DELETE against the underlying database, potentially exposing sensitive vehicle and user data or altering system records. This type of flaw is a classic data-exfiltration problem that weakens the confidentiality and integrity of the data the application processes.
Affected Systems
The affected product is SourceCodester Vehicle Parking Area Management System version 1.0, a web application designed for managing parking facilities. The vulnerability is specifically located in the parking view page, and no variants or higher versions have been publicly identified as affected. The product is deployed on typical LAMP stacks, and the exposure is through HTTP requests to the mentioned PHP page.
Risk and Exploitability
The EPSS score is below 1%, and the vulnerability is not listed in the CISA KEV catalog. The CVSS score of 7.2 reflects a medium-to-high severity, indicating that successful exploitation would likely compromise data confidentiality, integrity, and potentially availability. The attack vector is remote via the standard web interface, and attackers could inject arbitrary SQL if the application is exposed to untrusted traffic. No vendor-issued patch is available, so the risk remains significant for unpatched deployments. Administrators should treat this as a high-priority issue until remediation is applied.
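With no patch available, reviewing access logs for requests to the affected page is a practical interim check. The following is an added example, not part of the advisory or the product's code: it assumes Combined Log Format, and the parameter name `id` and all log lines are constructed, since the advisory does not name the injectable parameter.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

TARGET_PATH = "/parking/view_parked_details.php"  # path named in the advisory

# Combined Log Format is an assumption about the web server's access log.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})')

# Heuristic markers of SQL syntax inside a parameter value (triage, not proof).
SQL_MARKERS = re.compile(
    r"['\"`;]|--|/\*|\b(?:union|select|update|delete|insert|drop|sleep|benchmark)\b",
    re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded input is inspected too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return one finding per request to TARGET_PATH carrying SQL syntax."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        parts = urlsplit(m["uri"])
        if parts.path.lower() != TARGET_PATH:
            continue
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            marker = SQL_MARKERS.search(fully_decode(value))
            if marker:
                hits.append({"ip": m["ip"], "status": int(m["status"]),
                             "param": name, "marker": marker.group(0).lower()})
                break
    return hits

# Constructed sample lines; the parameter name "id" is hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /parking/view_parked_details.php?id=17 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /parking/view_parked_details.php?id=17%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 20480',
    '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /parking/view_parked_details.php?id=17%2520union%2520select%25201 HTTP/1.1" 500 310',
    '192.0.2.33 - - [01/Jan/2025:10:01:00 +0000] "GET /parking/index.php?q=O%27Brien HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Values sent in POST bodies do not appear in access logs, so this covers query-string traffic only.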