The vulnerability is a classic SQL Injection flaw found in the /parking/manage_user.php file of SourceCodester Vehicle Parking Area Management System v1.0. It allows an attacker to inject arbitrary SQL statements into the database query that the application executes. Because the code concatenates user‑provided input directly into a SQL statement, the attacker can read, modify, or delete data stored in the backend database, and potentially manipulate the application’s control flow. The weakness is CWE‑89, which describes unsanitized SQL query handling that can lead to data confidentiality and integrity compromise.

The affected product is SourceCodester Vehicle Parking Area Management System (v1.0). No other vendors or products are listed in the CNA data. The vulnerability resides specifically in the /parking/manage_user.php file, which handles user management functions, so any installation of version 1.0 that exposes this endpoint is vulnerable.

The EPSS score of < 1% indicates a very low but nonzero probability of exploitation, while the CVSS score of 7.2 signifies high severity with potential for data confidentiality and integrity compromise. The vulnerability has not been listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector is HTTP, where the attacker submits crafted input to the /parking/manage_user.php form or query string. Successful exploitation requires the ability to send requests to the target server; no authentication is mentioned in the description, so the assumption is the endpoint is publicly reachable. The attacker can then alter or extract data, depending on privileges granted to the database user. Because the flaw is straightforward and no countermeasures are noted, the risk is moderate to high in environments where the vehicle parking area management system is exposed to untrusted users.