Description
A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.
Published: 2026-03-24
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL Injection
Action: Patch Immediately
AI Analysis

Impact

The vulnerability resides in the home.php file of the Parameter Handler component of SourceCodester Online Library Management System version 1.0. Manipulating the searchField argument allows an attacker to inject arbitrary SQL statements. This could enable unauthorized data exfiltration, modification, or deletion, thereby compromising confidentiality and integrity of the library's database.

Affected Systems

This flaw affects SourceCodester Online Library Management System 1.0 provided by SourceCodester. No other versions or components are currently listed as vulnerable.

Risk and Exploitability

The CVSS score of 6.9 indicates medium severity. Although an EPSS score is not reported, the vulnerability is publicly available and can be triggered remotely without authentication, which raises the potential threat level. No KEV entry means it is not yet cataloged in CISA's known exploited vulnerabilities list.

Generated by OpenCVE AI on March 24, 2026 at 03:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor's security patch or upgrade to the latest version of SourceCodester Online Library Management System.
  • If a patch is unavailable, implement input validation or use prepared statements to sanitize the searchField parameter in home.php.
  • Restrict access to home.php to authenticated users only and employ least-privilege database permissions.

Generated by OpenCVE AI on March 24, 2026 at 03:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester online Library Management System
Vendors & Products Sourcecodester
Sourcecodester online Library Management System

Tue, 24 Mar 2026 02:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.
Title SourceCodester Online Library Management System Parameter home.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Sourcecodester Online Library Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-24T18:25:52.685Z

Reserved: 2026-03-23T06:22:42.252Z

Link: CVE-2026-4624

cve-icon Vulnrichment

Updated: 2026-03-24T18:25:49.212Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-24T03:16:06.887

Modified: 2026-03-24T15:53:48.067

Link: CVE-2026-4624

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T20:40:28Z

Weaknesses