{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-36945", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-13T20:22:06.176Z", "dateReserved": "2026-04-06T00:00:00.000Z", "datePublished": "2026-04-13T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-13T13:46:09.859Z"}, "descriptions": [{"lang": "en", "value": "Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/clients/manage_client.php"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/computer-and-mobile-repair-shop-management-system/SQL-3.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T20:21:48.387674Z", "id": "CVE-2026-36945", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T20:22:06.176Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-36945", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T20:21:48.387674Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T20:22:03.114Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/computer-and-mobile-repair-shop-management-system/SQL-3.md"}], "descriptions": [{"lang": "en", "value": "Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/clients/manage_client.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-13T13:46:09.859Z"}}}, "cveMetadata": {"cveId": "CVE-2026-36945", "state": "PUBLISHED", "dateUpdated": "2026-04-13T20:22:06.176Z", "dateReserved": "2026-04-06T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-13T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/clients/manage_client.php"}], "id": "CVE-2026-36945", "lastModified": "2026-04-17T15:28:29.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-13T15:17:34.660", "references": [{"source": "cve@mitre.org", "url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/computer-and-mobile-repair-shop-management-system/SQL-3.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.0,1.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "computer_and_mobile_repair_shop_management_system", "vendor": "sourcecodester"}], "analysis": {"en": {"generated_at": "2026-04-13T23:05:57.732750+00:00", "value": {"mitigation_remediation": ["Verify whether a newer version of the Sourcecodester Repair Shop Management System is available and upgrade to that version if possible.", "If no patch exists, restrict external access to the /rsms/admin/clients/manage_client.php page, allowing only authenticated administrators to reach it.", "Update the application code to use prepared statements or parameterized queries for all database interactions to eliminate the injection vector.", "Install or configure a web application firewall to detect and block suspicious SQL payloads targeting the administrational endpoints.", "Run regular vulnerability scans and code reviews to ensure that no similar injection points remain in the codebase."], "summary": {"action": "Assess Impact", "impact": "Potential unauthorized database access"}, "threat_synthesis": {"affected_systems": "Vulnerable systems are those running Sourcecodester\u2019s Computer and Mobile Repair Shop Management System version 1.0. Any deployment that includes the manage_client.php page exposed via the web, especially within the administrative interface, is susceptible. No other versions or products were identified in the CVE entry.", "description_and_impact": "The Sourcecodester Computer and Mobile Repair Shop Management System v1.0 contains a SQL injection flaw in the /rsms/admin/clients/manage_client.php script. The flaw allows an attacker to inject arbitrary SQL statements into database queries that the application executes. This can enable unauthorized viewing, modification or deletion of data stored in the backend database, compromising the confidentiality, integrity, and availability of customer and business information as defined by CWE\u201189.", "risk_and_exploitability": "The entry lists a CVSS base score of 2.7, indicating low overall severity. EPSS information is unavailable and the vulnerability is not recorded in the CISA KEV catalog. Based on the description, the likely attack vector is a web interface that accepts unsanitized input through the manage_client.php endpoint. If the attacker has access to the admin area, they could craft requests that inject malicious SQL; if not, the flaw may still be exploitable through publicly accessible parameters depending on configuration. Successful exploitation would allow an attacker to read, alter, or delete records in the application\u2019s database, potentially exposing sensitive business data."}}}}, "created": "2026-04-14T16:22:03.368053+00:00", "title": "SQL Injection via manage_client.php in Sourcecodester Repair Shop Management System v1.0", "updated": "2026-04-14T16:35:52.993046+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$computer_and_mobile_repair_shop_management_system"]}