Description
Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/maintenance/manage_pricing.php.
Published: 2026-04-14
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Data Access
Action: Assess Impact
AI Analysis

Impact

Sourcecodester Storage Unit Rental Management System version 1.0 contains a classic SQL injection flaw in the manage_pricing.php script, part of the admin maintenance interface. An attacker who can reach that endpoint can inject arbitrary SQL, potentially reading, modifying, or deleting pricing data. The weakness is classified as CWE-89 (SQL Injection) and can lead to unauthorized data disclosure or tampering.

Affected Systems

The only confirmed affected product is Sourcecodester Storage Unit Rental Management System version 1.0. The vulnerability is localized to the admin maintenance folder, specifically manage_pricing.php. No other vendors or product versions have been identified.

Risk and Exploitability

The CVSS base score of 2.7 classifies the flaw as low severity. EPSS is not publicly available, and the flaw is not listed in the CISA KEV catalog, suggesting limited current exploitation interest. However, the likely attack scenario requires access to the protected admin interface, which implies that an adversary would need either compromised administrative credentials or a publicly reachable admin page. If such access is obtained, the low severity does not diminish the risk of unauthorized data manipulation. Because this is a classic injection flaw, exploitation conditions are simple once the target endpoint is reachable.

Generated by OpenCVE AI on April 14, 2026 at 18:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Ensure the admin interface is protected behind strong authentication and role‑based access controls.
  • Limit or eliminate accidental exposure of the manage_pricing.php endpoint to the public internet.
  • Refactor the pricing management code to use input validation and prepared statements or parameterized queries, eliminating the injection vector.
  • Apply a vendor‑provided patch or upgrade to a fixed version as soon as one is released.
  • Monitor database logs for suspicious query patterns indicative of injection attempts.
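As an added illustration of the authentication and prepared-statement recommendations above (not code from the project; the actual manage_pricing.php source is not shown on this page), a hypothetical pricing-update handler in its concatenated form beside a hardened form that checks the admin session, validates input shape, and binds parameters through mysqli. The table and column names (pricing, id, price), the session key admin_id and the connection credentials are assumptions.

```php
<?php
// Hypothetical sketch, not the project's manage_pricing.php. Assumed schema:
// table `pricing` with integer `id` and decimal `price`; assumed session key `admin_id`.

// "Before": user input is interpolated into the SQL text (CWE-89). Shown only
// to make the defect visible next to the fix; do not use.
function update_pricing_unsafe(mysqli $db, string $id, string $price): bool
{
    $sql = "UPDATE pricing SET price = '$price' WHERE id = '$id'";
    return $db->query($sql) !== false;
}

// "After": validate the shape of every input, then pass it as a bound
// parameter so the database never parses user data as SQL.
function update_pricing_safe(mysqli $db, string $id, string $price): bool
{
    if (!ctype_digit($id)) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    if (!preg_match('/^\d{1,9}(\.\d{1,2})?$/', $price)) {
        throw new InvalidArgumentException('price must be a decimal amount');
    }
    $idInt = (int) $id;
    $stmt = $db->prepare('UPDATE pricing SET price = ? WHERE id = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    // 's' keeps the decimal value exact; 'i' binds the id as an integer.
    $stmt->bind_param('si', $price, $idInt);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Entry point: the endpoint is admin-only, so reject unauthenticated requests
// before touching the database at all.
session_start();
if (empty($_SESSION['admin_id'])) {
    http_response_code(403);
    exit('admin login required');
}
$db = new mysqli('localhost', 'app_user', 'app_password', 'storage'); // placeholder credentials
$db->set_charset('utf8mb4');
try {
    $ok = update_pricing_safe($db, $_POST['id'] ?? '', $_POST['price'] ?? '');
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    exit($e->getMessage());
}
header('Content-Type: application/json');
echo json_encode(['updated' => $ok]);
```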

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Title SQL Injection in Storage Unit Rental Management System's Pricing Management Endpoint

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title SQL Injection in Storage Unit Rental Management System's Pricing Management Endpoint

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester storage Unit Rental Management System
Vendors & Products Sourcecodester
Sourcecodester storage Unit Rental Management System

Tue, 14 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 14 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Description Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL in the file /storage/admin/maintenance/manage_pricing.php.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T15:29:15.190Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37592

Vulnrichment

Updated: 2026-04-14T15:28:13.229Z

NVD

Status: Deferred

Published: 2026-04-14T15:16:33.037

Modified: 2026-06-17T10:41:36.313

Link: CVE-2026-37592

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T15:45:07Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')