{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-26886", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-04T15:04:28.292Z", "dateReserved": "2026-02-16T00:00:00.000Z", "datePublished": "2026-03-03T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-03T18:15:03.825Z"}, "descriptions": [{"lang": "en", "value": "Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/services/manage_service.php."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/shininadd/bug_report/blob/main/Sourcecodester/simple-online-mens-salon-management-system/SQL-4.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-04T15:03:34.332469Z", "id": "CVE-2026-26886", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T15:04:28.292Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-26886", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-04T15:03:34.332469Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T15:02:26.806Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/shininadd/bug_report/blob/main/Sourcecodester/simple-online-mens-salon-management-system/SQL-4.md"}], "descriptions": [{"lang": "en", "value": "Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/services/manage_service.php."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-03T18:15:03.825Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26886", "state": "PUBLISHED", "dateUpdated": "2026-03-04T15:04:28.292Z", "dateReserved": "2026-02-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-03T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oretnom23:simple_online_men\\'s_salon_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "89214BE6-29BE-4978-8551-7439D8350AEA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/services/manage_service.php."}], "id": "CVE-2026-26886", "lastModified": "2026-03-04T17:39:06.560", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-03T17:16:18.690", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/shininadd/bug_report/blob/main/Sourcecodester/simple-online-mens-salon-management-system/SQL-4.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "online_mens_salon_management_system", "vendor": "sourcecodester"}], "analysis": {"en": {"generated_at": "2026-04-16T14:13:47.213149+00:00", "value": {"mitigation_remediation": ["Apply any vendor\u2011provided patch or update that fixes the SQL injection in /admin/services/manage_service.php", "Modify the application to use parameterized queries or ORM mechanisms so that user input cannot alter query structure", "Ensure that all input fields in admin/services/manage_service.php are properly sanitized and validated before use", "Restrict access to the /admin services directory to authorized administrators only"], "summary": {"action": "Apply Patch", "impact": "SQL Injection"}, "threat_synthesis": {"affected_systems": "The affected product is the Sourcecodester Online Men's Salon Management System, released as version 1.0. The flaw resides in the administrative service management interface, specifically the manage_service.php script. No other products or versions are mentioned in the data.", "description_and_impact": "Sourcecodester Online Men's Salon Management System version 1.0 has an input validation flaw in the admin/services/manage_service.php page that allows malicious SQL commands to be injected into the database engine. The vulnerability can lead to unauthorized reading, modification, or deletion of records, potentially exposing sensitive customer data or disrupting business operations. It is a classic example of a CWE\u201189 (SQL Injection) weakness where query construction fails to sanitize input.", "risk_and_exploitability": "The CVSS score of 2.7 indicates low overall risk, and the EPSS score of less than 1% shows a very low probability of exploitation at the time of this analysis. The vulnerability is not listed in the CISA KEV catalog, suggesting no known widespread exploitation. Based on the description, the likely attack vector would require access to the administratively protected endpoint, implying that an attacker would need valid credentials or a session with administrator privileges to exploit the flaw. Once authenticated, an attacker could execute arbitrary SQL queries against the underlying database, affecting confidentiality and integrity of the management system's data."}}}}, "created": "2026-03-04T21:04:09.724708+00:00", "title": "SQL Injection in Sourcecodester Online Men's Salon Management System admin/services/manage_service.php", "updated": "2026-04-16T14:15:28.816518+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$online_mens_salon_management_system"]}