Description
Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/tenants/view_details.php.
Published: 2026-04-14
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection
Action: Assess Impact
AI Analysis

Impact

An SQL injection flaw exists in the admin tenant view page of Sourcecodester Storage Unit Rental Management System v1.0. The flaw allows an attacker to inject arbitrary SQL code through unsanitized input in view_details.php, potentially leading to unauthorized read or modification of tenant data. The weakness corresponds to CWE-89, Improper Neutralization of Special Elements used in an SQL Command, in which user-supplied data reaches a database query without being neutralized.

Affected Systems

Systems running Sourcecodester Storage Unit Rental Management System version 1.0 are affected. The known vulnerable file is /storage/admin/tenants/view_details.php, which is part of the administrative interface used by site operators to manage tenant records.

Risk and Exploitability

The CVSS base score is 2.7, indicating low overall risk. Exploit Prediction Scoring System (EPSS) data is not available and the vulnerability is not listed in CISA’s Known Exploited Vulnerabilities catalog. Successful exploitation would likely require access to the administration area, suggesting that authentication is a prerequisite. The attack vector is therefore inferred to be remote by an authenticated user, and the likelihood of exploitation remains low based on the supplied metrics.

Generated by OpenCVE AI on April 14, 2026 at 17:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Confirm that your deployed system is version 1.0 of the Sourcecodester Storage Unit Rental Management System.
  • If the vendor releases a patch, upgrade immediately; otherwise, modify view_details.php to use prepared statements and parameterized queries to neutralize unsanitized input.
  • Ensure that /storage/admin/tenants/view_details.php and related administrative endpoints are protected behind strong authentication and role‑based access control.
  • Grant the database account used by the application only the minimum privileges required for normal operation.
  • Monitor application and database logs for suspicious activity and apply additional input validation or web application firewall rules if possible.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Title SQL Injection in Storage Unit Rental Management System Admin View

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title SQL Injection in Storage Unit Rental Management System Admin View

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester storage Unit Rental Management System
Vendors & Products Sourcecodester
Sourcecodester storage Unit Rental Management System

Tue, 14 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 14 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Description Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/tenants/view_details.php.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T15:29:26.653Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37591

Vulnrichment

Updated: 2026-04-14T15:28:11.799Z

NVD

Status: Deferred

Published: 2026-04-14T15:16:32.920

Modified: 2026-06-17T10:41:36.170

Link: CVE-2026-37591

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T15:45:07Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')