The vulnerability is a classic SQL injection flaw located in the file /parking/manage_location.php of the SourceCodester Vehicle Parking Area Management System version 1.0. This weakness allows an attacker to inject arbitrary SQL statements that are executed by the underlying database engine. The consequences include unauthorized reading, modification, or deletion of parking records and potentially sensitive user information, thereby compromising confidentiality and integrity. The flaw maps to CWE‑89.

The affected product is the SourceCodester Vehicle Parking Area Management System, version 1.0. No additional vendor or product information is provided beyond the mention of the managing locations module. The vulnerability exists in the manage_location.php script.

Because the CVSS score is not given and EPSS data is unavailable, the exact severity and likelihood of exploitation cannot be quantified. However, as the attack vector is through the web interface, and the flaw permits arbitrary SQL code execution, the risk can be considered high if the application is publicly accessible. No entry in the CISA KEV catalog indicates that known exploits are not documented, but the absence of such a listing does not guarantee absence of real-world attacks. The best‑effort inference is that the attack likely requires authenticated access to the location management feature, but the description does not state authentication requirements explicitly. Given the classic nature of the issue, it is prudent to treat it as a significant exposure.