Description
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_park.php.
Published: 2026-04-16
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: SQL Injection
Action: Patch
AI Analysis

Impact

SourceCodester Vehicle Parking Area Management System version 1.0 contains a flaw in the page /parking/manage_park.php that allows malicious user input to be embedded directly into SQL statements. This SQL Injection vulnerability could let an attacker execute arbitrary database queries, potentially exposing sensitive information or modifying data. The defect corresponds to the well‑known injection weakness identified as CWE‑89.

Affected Systems

The vulnerability affects SourceCodester Vehicle Parking Area Management System v1.0. No additional vendor or version data is available.

Risk and Exploitability

The attack vector appears to be web‑based, via the publicly reachable /parking/manage_park.php endpoint. Based on the description, it is inferred that any authenticated or unauthenticated user who can access the page may be able to inject SQL payloads. With a CVSS score of 9.8, the vulnerability is considered critical, and although the EPSS score is unavailable and it is not listed in the KEV catalog, the SQL injection flaw presents a significant risk of data compromise.

Generated by OpenCVE AI on April 17, 2026 at 06:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Sanitize and validate all user inputs, and use parameterized queries or prepared statements for all database interactions.
  • Restrict the database account used by the application to only the privileges required for normal operation, avoiding full schema access.
  • Apply the latest patch or upgrade the source code when an official fix becomes available; until then, implement input filtering and monitor logs for suspicious SQL activity.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 06:45:00 +0000

Type | Values Removed | Values Added
Title | | SQL Injection in Vehicle Parking Area Management System v1.0

Thu, 16 Apr 2026 19:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Sourcecodester; Sourcecodester vehicle Parking Area Management System
Vendors & Products | | Sourcecodester; Sourcecodester vehicle Parking Area Management System

Thu, 16 Apr 2026 16:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-89
Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
 | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 16 Apr 2026 15:15:00 +0000

Type | Values Removed | Values Added
Description | | SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_park.php.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-16T15:42:56.413Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37345

Vulnrichment

Updated: 2026-04-16T15:41:05.511Z

NVD

Status: Received

Published: 2026-04-16T15:17:37.447

Modified: 2026-04-16T16:16:17.050

Link: CVE-2026-37345

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T06:30:11Z

Weaknesses