Description
A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. The affected code is an unknown function in the file /search.php. Manipulation of the rcode argument leads to SQL injection. The attack can be carried out remotely. A public exploit is available and may be used.
Published: 2026-03-23
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection (unauthorized data access)
Action: Assess Impact
AI Analysis

Impact

A flaw exists in the /search.php script of SourceCodester Online Catering Reservation 1.0. The rcode parameter is concatenated directly into a SQL query without validation, enabling attackers to inject arbitrary SQL. Successful injection can expose, alter, or delete reservation data, compromising confidentiality, integrity, and availability.

Affected Systems

The affected product is SourceCodester Online Catering Reservation version 1.0. No other versions or vendors were identified in the CNA data. The vulnerable function resides in the search.php endpoint and may be reachable from public networks.

Risk and Exploitability

The CVSS score of 6.9 indicates medium‑to‑high severity. EPSS data is not available and the vulnerability is not listed in the KEV catalog. Publicly provided exploits confirm that unauthenticated remote attackers can trigger the issue via HTTP requests to /search.php, suggesting a realistic exploitation likelihood.

Generated by OpenCVE AI on March 24, 2026 at 04:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for official updates or patches from SourceCodester and apply them if available.
  • If no update exists, restrict external access to the /search.php endpoint using a firewall or Web Application Firewall.
  • Modify the application code to use prepared statements or parameterized queries for handling the rcode parameter.
  • Continuously monitor web and database logs for abnormal query activity that could indicate attempted exploitation.
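The third action above (prepared statements for the rcode parameter) is illustrated by the following PHP snippet. It is an added example written for this page, not code from the SourceCodester project; the table and column names (`reservation`, `rcode`, `name`, `reserved_at`), the DSN and the credentials are assumptions. The first function shows the concatenation pattern the advisory describes so that reviewers know what to look for; the second is the parameterized replacement.

```php
<?php
// Added example, not the project's own code. Table `reservation` and its
// columns are hypothetical; adjust them to the real schema.

// Vulnerable pattern (the defect class described in the advisory): the request
// value becomes part of the SQL text, so it can change the query's structure.
function searchVulnerable(mysqli $db, string $rcode): mysqli_result|false
{
    $sql = "SELECT * FROM reservation WHERE rcode = '" . $rcode . "'";
    return $db->query($sql);
}

// Hardened form: the query text is fixed and the value travels separately as a
// bound parameter, so the database never interprets it as SQL.
function searchSafe(PDO $pdo, string $rcode): array
{
    $stmt = $pdo->prepare(
        'SELECT id, rcode, name, reserved_at FROM reservation WHERE rcode = :rcode'
    );
    $stmt->bindValue(':rcode', $rcode, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Defence in depth: a reservation code is expected to be a short alphanumeric
// token (assumed format), so reject anything else before it reaches the query.
function isValidRcode(string $rcode): bool
{
    return preg_match('/^[A-Za-z0-9-]{1,32}$/', $rcode) === 1;
}

// Usage as it would appear in search.php (connection details are placeholders).
if (PHP_SAPI !== 'cli') {
    $pdo = new PDO(
        'mysql:host=localhost;dbname=catering;charset=utf8mb4',
        'db_user',
        'db_password',
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            // Use real server-side prepared statements, not client-side emulation.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );

    $rcode = $_GET['rcode'] ?? '';
    if (!isValidRcode($rcode)) {
        http_response_code(400);
        exit('Invalid reservation code');
    }

    $rows = searchSafe($pdo, $rcode);
    header('Content-Type: application/json');
    echo json_encode($rows);
}
```

With `PDO::ATTR_EMULATE_PREPARES` disabled, the statement is compiled by the MySQL server before the value is sent, which is what makes the parameter binding a structural guarantee rather than an escaping step. The regex check is not the fix on its own; it only narrows what the parameter can contain.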

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester online Catering Reservation
Vendors & Products Sourcecodester
Sourcecodester online Catering Reservation

Tue, 24 Mar 2026 02:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
Title SourceCodester Online Catering Reservation search.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-24T13:33:20.433Z

Reserved: 2026-03-23T05:51:50.123Z

Link: CVE-2026-4615

Vulnrichment

Updated: 2026-03-24T13:33:10.624Z

NVD

Status: Awaiting Analysis

Published: 2026-03-24T00:16:32.020

Modified: 2026-03-24T15:53:48.067

Link: CVE-2026-4615

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T20:35:55Z

Weaknesses