Description
SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/rents/manage_rent.php.
Published: 2026-04-14
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection
Action: Patch
AI Analysis

Impact

An input on the admin rent management page of the Storage Unit Rental Management System can be manipulated to inject arbitrary SQL commands, allowing an attacker to read, modify, or delete data in the database. This compromise of data confidentiality and integrity is a classic input validation failure identified as CWE‑89.

Affected Systems

The vulnerability is identified in SourceCodester Storage Unit Rental Management System version 1.0. No other versions or vendor-specific details are documented, so the impact is limited to installations of this specific open‑source package.

Risk and Exploitability

The CVSS score of 2.7 indicates low severity, and the lack of an EPSS value or KEV listing suggests limited public exploitation. The likely attack vector assumes the attacker already has access to the administrative rent page—authentication or elevated privileges are required. No public exploits are cited, so exploitation would rely on sending crafted HTTP requests to the vulnerable endpoint to manipulate the SQL query.

Generated by OpenCVE AI on April 14, 2026 at 18:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply vendor‑supplied patch or upgrade to a newer, non‑vulnerable version of the Storage Unit Rental Management System.
  • If an update is not immediately possible, edit /storage/admin/rents/manage_rent.php to use parameterized queries or safely escape user input.
  • Restrict network access to the /storage/admin/rents/manage_rent.php endpoint, allowing only trusted administrators to reach it.
  • Monitor web server logs for unusual SQL query patterns or failed login attempts on the admin rent page.
  • Report the finding to the vendor or open‑source project maintainers to obtain official remediation.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Title SQL Injection in Storage Unit Rental Management System Admin Rent Page

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title SQL Injection in Storage Unit Rental Management System Admin Rent Page

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester storage Unit Rental Management System
Vendors & Products Sourcecodester
Sourcecodester storage Unit Rental Management System

Tue, 14 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 14 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Description SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/rents/manage_rent.php.

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T15:29:38.686Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37590

Vulnrichment

Updated: 2026-04-14T15:28:10.534Z

NVD

Status: Deferred

Published: 2026-04-14T15:16:32.800

Modified: 2026-06-17T10:41:36.020

Link: CVE-2026-37590

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T15:45:07Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')