Description
SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/rents/manage_rent.php.
Published: 2026-04-14
Score: 2.7 Low
EPSS: n/a
KEV: No
Impact: Unrestricted Access to Database Contents
Action: Immediate Patch
AI Analysis

Impact

The Storage Unit Rental Management System v1.0 allows attackers to inject arbitrary SQL commands through the /storage/admin/rents/manage_rent.php endpoint. This flaw can be used to read, modify or delete database information, compromising the confidentiality, integrity and potentially availability of the system. The weakness is a classic failure to neutralize input values used in SQL statements, which corresponds to CWE-89.

Affected Systems

The vulnerability is limited to the Storage Unit Rental Management System version 1.0, a PHP‑based web application that manages rental agreements. No vendor name is listed, but the application is hosted on a web server where the admin section is exposed.

Risk and Exploitability

Because the flaw resides in a publicly accessible web page, attackers can attempt the attack from any internet‑connected location with knowledge of the URL. The listed CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N, score 2.7) assumes an attacker who already holds high privileges, and no EPSS data is available; neither diminishes the typical severity of an unfiltered SQL injection. The application is not listed in the KEV catalog, yet the potential for data breach or system tampering remains significant without a patch.

Generated by OpenCVE AI on April 14, 2026 at 15:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a patch or updated version of the Storage Unit Rental Management System that sanitizes or parameterizes the SQL query in manage_rent.php
  • If no patch is available, restrict the /storage/admin path to authenticated users with least‑privilege access and monitor for suspicious activity
  • Implement input validation or prepared statements so that user-supplied values are never interpreted as SQL before database execution
  • Deploy a web application firewall to detect and block SQL injection patterns when possible



Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

Type | Values Removed | Values Added
Title | | SQL Injection in Storage Unit Rental Management System Admin Rent Page

Tue, 14 Apr 2026 16:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Sourcecodester; Sourcecodester storage Unit Rental Management System
Vendors & Products | | Sourcecodester; Sourcecodester storage Unit Rental Management System

Tue, 14 Apr 2026 16:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-89
Metrics | | cvssV3_1: {'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 14 Apr 2026 14:30:00 +0000

Type | Values Removed | Values Added
Description | | SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/rents/manage_rent.php.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T15:29:38.686Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37590

Vulnrichment

Updated: 2026-04-14T15:28:10.534Z

NVD

Status: Received

Published: 2026-04-14T15:16:32.800

Modified: 2026-04-14T16:16:40.747

Link: CVE-2026-37590

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:31:56Z

Weaknesses