Impact
The vulnerability resides in the file /parking/view_parked_details.php of SourceCodester Vehicle Parking Area Management System v1.0 and allows unauthenticated attackers to inject arbitrary SQL statements. Because input parameters reach the query without proper escaping or parameterization, a malicious user can execute statements such as SELECT, UPDATE, or DELETE against the underlying database, potentially exposing sensitive vehicle and user data or altering system records. This is a classic data-exfiltration flaw that weakens both the confidentiality and the integrity of the data the application processes.
Affected Systems
The affected product is SourceCodester Vehicle Parking Area Management System version 1.0, a web application designed for managing parking facilities. The vulnerability is specifically located in the parking view page, and no variants or higher versions have been publicly identified as affected. The product is deployed on typical LAMP stacks, and the exposure is through HTTP requests to the mentioned PHP page.
Risk and Exploitability
EPSS data and KEV status are currently unavailable, so the exploitation probability cannot be quantified. Nevertheless, the attack vector is remote over the standard web interface, and skilled attackers could exploit the flaw immediately if the application is exposed to untrusted traffic. Since there is no vendor‑issued patch or alternative, the risk remains high for systems running default configurations that allow raw SQL manipulation. Administrators should treat this as a critical issue until a remediation is applied.
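With no vendor patch available, reviewing web-server access logs for requests to the affected page is one practical check. The following is an added example, not code from the advisory or the vendor; it assumes combined-format access logs and input arriving in the query string, and the sample lines and the parameter name `param` are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Path named in the advisory.
VULN_PATH = "/parking/view_parked_details.php"

# Request part of an Apache/Nginx "combined" log entry (assumed log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Characters and keywords that have no place in a plain record identifier.
SUSPICIOUS = re.compile(
    r"""['";]|--|/\*|\b(union|select|update|delete|sleep|benchmark)\b""", re.I
)

def flag_requests(lines):
    """Return (ip, parameter, decoded value) for suspicious hits on VULN_PATH."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m.group("target"))
        # endswith() also covers installs under a sub-directory.
        if not url.path.lower().endswith(VULN_PATH):
            continue
        # parse_qsl percent-decodes, so encoded quotes are seen in clear.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if SUSPICIOUS.search(value):
                hits.append((m.group("ip"), name, value))
    return hits

# Constructed sample log lines; "param" is a placeholder parameter name.
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /parking/view_parked_details.php?param=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2025:10:00:05 +0000] "GET /parking/view_parked_details.php?param=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9876 "-" "curl/8.0"',
    '198.51.100.9 - - [01/Jan/2025:10:00:09 +0000] "GET /parking/index.php?q=select+a+slot HTTP/1.1" 200 2048 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for ip, name, value in flag_requests(SAMPLE):
        print(f"{ip} {name}={value!r}")
```

Access logs do not record POST bodies, so a clean result here does not rule out injection attempts sent in a request body.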