{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-36943", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-13T20:23:13.859Z", "dateReserved": "2026-04-06T00:00:00.000Z", "datePublished": "2026-04-13T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-13T13:50:07.184Z"}, "descriptions": [{"lang": "en", "value": "Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/manage_repair.php."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/computer-and-mobile-repair-shop-management-system/SQL-2.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T20:23:07.280880Z", "id": "CVE-2026-36943", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T20:23:13.859Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-36943", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T20:23:07.280880Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T20:23:01.563Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/computer-and-mobile-repair-shop-management-system/SQL-2.md"}], "descriptions": [{"lang": "en", "value": "Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/manage_repair.php."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-13T13:50:07.184Z"}}}, "cveMetadata": {"cveId": "CVE-2026-36943", "state": "PUBLISHED", "dateUpdated": "2026-04-13T20:23:13.859Z", "dateReserved": "2026-04-06T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-13T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/manage_repair.php."}], "id": "CVE-2026-36943", "lastModified": "2026-04-17T15:28:29.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-13T15:17:34.410", "references": [{"source": "cve@mitre.org", "url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/computer-and-mobile-repair-shop-management-system/SQL-2.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.0,1.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "computer_and_mobile_repair_shop_management_system", "vendor": "sourcecodester"}], "analysis": {"en": {"generated_at": "2026-04-13T23:06:17.549293+00:00", "value": {"mitigation_remediation": ["Verify whether a vendor patch or newer release addressing the SQL injection in /rsms/admin/repairs/manage_repair.php is available and apply it immediately.", "If no patch exists, modify the code to use parameterized queries or prepared statements for all database interactions in the vulnerable file.", "Restrict access to the administrative interface to trusted users only and enforce strong authentication controls.", "Deploy a web application firewall or similar filtering mechanism to detect and block suspicious SQL injection payloads.", "Monitor application and database logs for abnormal query activity and periodically verify database integrity."], "summary": {"action": "Apply Patch", "impact": "SQL injection leading to unauthorized database access"}, "threat_synthesis": {"affected_systems": "The vulnerable product is Sourcecodester Computer and Mobile Repair Shop Management System version\u00a01.0. No other vendors, products or versions are explicitly listed in the public data.", "description_and_impact": "The vulnerability is located in the file /rsms/admin/repairs/manage_repair.php of Sourcecodester Computer and Mobile Repair Shop Management System version\u00a01.0. The application concatenates user input directly into a SQL query, creating a SQL injection flaw. It is inferred that an attacker who can submit crafted input to the vulnerable page could alter the SQL statement, potentially reading, modifying, or deleting data in the database, thereby compromising the integrity and confidentiality of the system\u2019s stored information.", "risk_and_exploitability": "The CVSS score of\u00a02.7 indicates a low severity risk. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited exploitation activity. Based on the description, it is inferred that the attack vector is a web-based request to the exposed PHP page, where unsanitized input is used in a database query."}}}}, "created": "2026-04-14T16:22:05.463382+00:00", "title": "SQL Injection Vulnerability in Sourcecodester Repair Shop Management System v1.0", "updated": "2026-04-14T16:35:55.138799+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$computer_and_mobile_repair_shop_management_system"]}