{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-37342", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-18T02:18:42.566Z", "dateReserved": "2026-04-06T00:00:00.000Z", "datePublished": "2026-04-16T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-16T14:52:06.099Z"}, "descriptions": [{"lang": "en", "value": "SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/view_parked_details.php."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/mt-0505/cve-report/blob/main/sourcecodester/vehicle-parking-area-management-system/SQL-2.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-18T02:17:30.923230Z", "id": "CVE-2026-37342", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-18T02:18:42.566Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-37342", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-18T02:17:30.923230Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-18T02:18:30.387Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/mt-0505/cve-report/blob/main/sourcecodester/vehicle-parking-area-management-system/SQL-2.md"}], "descriptions": [{"lang": "en", "value": "SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/view_parked_details.php."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-16T14:52:06.099Z"}}}, "cveMetadata": {"cveId": "CVE-2026-37342", "state": "PUBLISHED", "dateUpdated": "2026-04-18T02:18:42.566Z", "dateReserved": "2026-04-06T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-16T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/view_parked_details.php."}], "id": "CVE-2026-37342", "lastModified": "2026-04-18T03:16:12.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-16T15:17:37.120", "references": [{"source": "cve@mitre.org", "url": "https://github.com/mt-0505/cve-report/blob/main/sourcecodester/vehicle-parking-area-management-system/SQL-2.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "product": "vehicle_parking_area_management_system", "vendor": "sourcecodester"}], "analysis": {"en": {"generated_at": "2026-04-18T17:17:33.519980+00:00", "value": {"mitigation_remediation": ["If an update or patch is released by SourceCodester, install it immediately.", "Update the application code to use prepared statements or parameterized queries in view_parked_details.php to eliminate unescaped SQL inputs.", "Restrict the database user role to read\u2011only permissions for actions that do not require write access, or at least grant minimal privileges necessary for the application.", "Deploy a web application firewall rule to block common SQL injection signatures on the /parking/view_parked_details.php endpoint as a temporary protection."], "summary": {"action": "Apply Patch", "impact": "Data Compromise"}, "threat_synthesis": {"affected_systems": "The affected product is SourceCodester Vehicle Parking Area Management System version 1.0, a web application designed for managing parking facilities. The vulnerability is specifically located in the parking view page, and no variants or higher versions have been publicly identified as affected. The product is deployed on typical LAMP stacks, and the exposure is through HTTP requests to the mentioned PHP page.", "description_and_impact": "The vulnerability resides in the file /parking/view_parked_details.php of SourceCodester Vehicle Parking Area Management System v1.0 and allows attackers to inject arbitrary SQL statements. By manipulating input parameters without proper escaping or parameterization, a malicious user can execute commands such as SELECT, UPDATE, or DELETE on the underlying database, potentially exposing sensitive vehicle and user data or altering system records. This type of flaw is a classic data\u2011exfiltration problem, classified under processed data confidentiality and integrity weaknesses.", "risk_and_exploitability": "EPSS score is < 1% and the vulnerability is not listed in the CISA KEV catalog. The CVSS score of 7.2 reflects a medium\u2011to\u2011high severity, indicating that a successful exploitation would likely compromise data confidentiality, integrity, and potentially availability. The attack vector is remote via the standard web interface, and attackers could inject arbitrary SQL if the application is exposed to untrusted traffic; no vendor\u2011issued patch is available, so the risk remains significant for unpatched deployments. Administrators should treat this as a high\u2011priority issue until remediation is applied."}}}}, "created": "2026-04-16T18:58:45.504802+00:00", "updated": "2026-04-18T17:30:05.941234+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$vehicle_parking_area_management_system"]}