{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4624", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-23T06:22:42.252Z", "datePublished": "2026-03-24T02:14:35.899Z", "dateUpdated": "2026-03-24T18:25:52.685Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-24T02:14:35.899Z"}, "title": "SourceCodester Online Library Management System Parameter home.php sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "SQL Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "SourceCodester", "product": "Online Library Management System", "versions": [{"version": "1.0", "status": "affected"}], "modules": ["Parameter Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-23T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-23T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-23T07:27:46.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "WeQi (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.352492", "name": "VDB-352492 | SourceCodester Online Library Management System Parameter home.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.352492", "name": "VDB-352492 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.775787", "name": "Submit #775787 | SourceCodester Online Library Management System V1.0 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/WHOAMI-xiaoyu/CVE/blob/main/CVE_6.md", "tags": ["exploit"]}, {"url": "https://www.sourcecodester.com/", "tags": ["product"]}], "tags": ["x_freeware"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T18:25:38.820733Z", "id": "CVE-2026-4624", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T18:25:52.685Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4624", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T18:25:38.820733Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T18:25:49.212Z"}}], "cna": {"tags": ["x_freeware"], "title": "SourceCodester Online Library Management System Parameter home.php sql injection", "credits": [{"lang": "en", "type": "reporter", "value": "WeQi (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "SourceCodester", "modules": ["Parameter Handler"], "product": "Online Library Management System", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2026-03-23T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-23T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-23T07:27:46.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.352492", "name": "VDB-352492 | SourceCodester Online Library Management System Parameter home.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.352492", "name": "VDB-352492 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.775787", "name": "Submit #775787 | SourceCodester Online Library Management System V1.0 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/WHOAMI-xiaoyu/CVE/blob/main/CVE_6.md", "tags": ["exploit"]}, {"url": "https://www.sourcecodester.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "SQL Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-24T02:14:35.899Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4624", "state": "PUBLISHED", "dateUpdated": "2026-03-24T18:25:52.685Z", "dateReserved": "2026-03-23T06:22:42.252Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-24T02:14:35.899Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad en SourceCodester Online Library Management System 1.0. El elemento afectado es una funci\u00f3n desconocida del archivo /home.php del componente Gestor de Par\u00e1metros. Realizar una manipulaci\u00f3n del argumento searchField resulta en inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit es ahora p\u00fablico y puede ser utilizado."}], "id": "CVE-2026-4624", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-24T03:16:06.887", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/WHOAMI-xiaoyu/CVE/blob/main/CVE_6.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.352492"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.352492"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.775787"}, {"source": "cna@vuldb.com", "url": "https://www.sourcecodester.com/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "online_library_management_system", "vendor": "sourcecodester"}], "analysis": {"en": {"generated_at": "2026-03-24T03:50:40.435657+00:00", "value": {"mitigation_remediation": ["Apply the vendor's security patch or upgrade to the latest version of SourceCodester Online Library Management System.", "If a patch is unavailable, implement input validation or use prepared statements to sanitize the searchField parameter in home.php.", "Restrict access to home.php to authenticated users only and employ least-privilege database permissions."], "summary": {"action": "Patch Immediately", "impact": "Remote SQL Injection"}, "threat_synthesis": {"affected_systems": "This flaw affects SourceCodester Online Library Management System 1.0 provided by SourceCodester. No other versions or components are currently listed as vulnerable.", "description_and_impact": "The vulnerability resides in the home.php file of the Parameter Handler component of SourceCodester Online Library Management System version 1.0. Manipulating the searchField argument allows an attacker to inject arbitrary SQL statements. This could enable unauthorized data exfiltration, modification, or deletion, thereby compromising confidentiality and integrity of the library's database.", "risk_and_exploitability": "The CVSS score of 6.9 indicates medium severity. Although an EPSS score is not reported, the vulnerability is publicly available and can be triggered remotely without authentication, which raises the potential threat level. No KEV entry means it is not yet cataloged in CISA's known exploited vulnerabilities list."}}}}, "created": "2026-03-24T10:29:23.567728+00:00", "updated": "2026-03-25T20:40:28.895370+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$online_library_management_system"]}