{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-36946", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-05-10T13:20:31.470Z", "dateReserved": "2026-04-06T00:00:00.000Z", "datePublished": "2026-04-13T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-13T13:07:33.235Z"}, "descriptions": [{"lang": "en", "value": "Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view_details.php."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/computer-and-mobile-repair-shop-management-system/SQL-4.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T20:26:17.196903Z", "id": "CVE-2026-36946", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-10T13:20:31.470Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-36946", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T20:26:17.196903Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T20:26:29.949Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/computer-and-mobile-repair-shop-management-system/SQL-4.md"}], "descriptions": [{"lang": "en", "value": "Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view_details.php."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-13T13:07:33.235Z"}}}, "cveMetadata": {"cveId": "CVE-2026-36946", "state": "PUBLISHED", "dateUpdated": "2026-05-10T13:20:31.470Z", "dateReserved": "2026-04-06T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-13T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oretnom23:computer_and_mobile_repair_shop_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E67CA652-A839-4363-98A3-59009A27A755", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view_details.php."}], "id": "CVE-2026-36946", "lastModified": "2026-05-10T14:16:50.183", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-13T14:16:13.883", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/computer-and-mobile-repair-shop-management-system/SQL-4.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "product": "computer_and_mobile_repair_shop_management_system", "vendor": "sourcecodester"}], "analysis": {"en": {"generated_at": "2026-04-14T20:50:23.274747+00:00", "value": {"mitigation_remediation": ["Apply any vendor\u2011issued patch or upgrade to a fixed version if one exists.", "Restrict access to /rsms/admin/inquiries/view_details.php so that only authenticated administrators can reach it.", "Validate and sanitize all user input on that page, using parameterized queries where possible.", "Enable database query logging to capture suspicious activity.", "Regularly review logs for signs of attempted injection and investigate anomalies."], "summary": {"action": "Patch ASAP", "impact": "SQL Injection Vulnerability"}, "threat_synthesis": {"affected_systems": "The only documented affected product is the Sourcecodester Computer and Mobile Repair Shop Management System, version 1.0, as indicated by the CPE string provided.", "description_and_impact": "Sourcecodester Computer and Mobile Repair Shop Management System version 1.0 contains an SQL injection flaw in the file /rsms/admin/inquiries/view_details.php. Unsanitized user input is directly incorporated into a database query, allowing an attacker to inject arbitrary SQL statements. The potential consequences for an attacker\u2014including the ability to read or modify data\u2014are not explicitly detailed by the advisory and are therefore inferred from the nature of SQL injection.", "risk_and_exploitability": "The CVSS score of 2.7 indicates low severity, and the EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is not listed in CISA's KEV catalog. Based on the description, the likely attack path involves sending an HTTP request to /rsms/admin/inquiries/view_details.php. The advisory does not state whether authentication is required for this endpoint; this assumption is inferred from the limited information. These details are not directly documented in the advisory."}}}}, "created": "2026-04-14T16:19:36.772053+00:00", "updated": "2026-04-15T15:45:07.543699+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$computer_and_mobile_repair_shop_management_system"]}