Description
Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/tenants/view_details.php.
Published: 2026-04-14
Score: 2.7 Low
EPSS: n/a
KEV: No
Impact: Data Exposure
Action: Mitigate
AI Analysis

Impact

The vulnerability is a classic SQL injection in the /storage/admin/tenants/view_details.php endpoint of the Storage Unit Rental Management System. The flaw allows an attacker to inject arbitrary SQL statements, potentially revealing sensitive tenant information or altering database contents. The weakness falls into the typical SQL injection category.

Affected Systems

Only the Sourcecodester Storage Unit Rental Management System version 1.0 is known to contain the affected file. No other vendors, products, or versions are listed, so deployments that run this exact version and expose the admin view are affected.

Risk and Exploitability

Because the injection exists in an admin‑level page, the attacker would need to reach that URL, usually by accessing the site’s web interface or by sending a crafted HTTP request. No CVSS score or EPSS data is provided, and the vulnerability is not listed in the KEV catalog, so the exact risk level is unclear. Nevertheless, the exploitability of SQL injection hinges on the attacker’s ability to authenticate as an admin or to bypass authentication, and it could lead to full data compromise if successful.

Generated by OpenCVE AI on April 14, 2026 at 15:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Review and refactor the code in /storage/admin/tenants/view_details.php to use prepared statements or parameterized queries.
  • Restrict access to the admin endpoint so only verified administrators can reach it, implementing proper authentication checks.
  • Deploy a Web Application Firewall rule that blocks common SQL injection payload patterns to provide an additional defensive layer.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

Type: Title
Values Added: SQL Injection in Storage Unit Rental Management System Admin View

Tue, 14 Apr 2026 16:30:00 +0000

Type: First Time appeared
Values Added: Sourcecodester; Sourcecodester storage Unit Rental Management System

Type: Vendors & Products
Values Added: Sourcecodester; Sourcecodester storage Unit Rental Management System

Tue, 14 Apr 2026 16:15:00 +0000

Type: Weaknesses
Values Added: CWE-89

Type: Metrics
Values Added:
cvssV3_1: {'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 14 Apr 2026 14:30:00 +0000

Type: Description
Values Added: Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/tenants/view_details.php.

Type: References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T15:29:26.653Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37591

Vulnrichment

Updated: 2026-04-14T15:28:11.799Z

NVD

Status: Received

Published: 2026-04-14T15:16:32.920

Modified: 2026-04-14T16:16:40.917

Link: CVE-2026-37591

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:31:55Z

Weaknesses