Description
SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/maintenance/manage_storage_unit.php.
Published: 2026-04-14
Score: 2.7 Low
EPSS: n/a
KEV: No
Impact: Data Compromise
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a classic SQL injection flaw located in the PHP file that handles storage unit management. By embedding crafted SQL fragments into form inputs, an attacker can alter the structure of the database query. The result is the ability to read, modify, or delete protected data, thereby compromising confidentiality, integrity, and potentially availability of the system's records.

Affected Systems

The system affected is SourceCodester Storage Unit Rental Management System, version 1.0. No other versions or variants are listed as affected. The application is deployed in a web environment and the vulnerability resides in the administration interface located at /storage/admin/maintenance/manage_storage_unit.php.

Risk and Exploitability

The likely attack vector is a web‑based request to the admin panel and requires the attacker to inject data into user‑controlled inputs. Based on the description, it is inferred that authentication to the admin panel may be necessary, but the vulnerability could be triggered by any input that is not properly sanitized. The CVSS score is not provided, EPSS is unavailable, and the vulnerability is not listed in the CISA KEV catalog, leaving the precise exploitation likelihood undefined. Nonetheless, the presence of an SQL injection flaw presents a high potential for data compromise if sufficient access can be obtained.

Generated by OpenCVE AI on April 14, 2026 at 15:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy the latest patched version of the application that removes the injection flaw.
  • If an upgrade is not possible, restrict the /storage/admin/maintenance path to a single administrative account and enforce strong authentication mechanisms.
  • Sanitize all user‑provided input and implement parameterized queries or proper escaping within the PHP code.
  • Disable PHP error display to prevent leakage of database structure and enable secure logging of anomalies.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

Type | Values Removed | Values Added
Title | | SQL Injection in Storage Unit Rental Management System

Tue, 14 Apr 2026 16:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Sourcecodester; Sourcecodester storage Unit Rental Management System
Vendors & Products | | Sourcecodester; Sourcecodester storage Unit Rental Management System

Tue, 14 Apr 2026 16:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-89
Metrics | | cvssV3_1: {'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 14 Apr 2026 14:30:00 +0000

Type | Values Removed | Values Added
Description | | SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/maintenance/manage_storage_unit.php.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T15:33:11.824Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37589

Vulnrichment

Updated: 2026-04-14T15:33:04.314Z

NVD

Status: Received

Published: 2026-04-14T15:16:32.677

Modified: 2026-04-14T16:16:40.577

Link: CVE-2026-37589

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:31:57Z

Weaknesses