CVE-2026-15537
HIGH
7.3
CVSS 3.1
Description
A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Metadata
Severity & Metrics
7.3
HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| SourceCodester | Online Book Store System | — | 1.0 |
CVSS scores (4)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 7.5 | N/D | 2.0 | cna | AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR |
| 7.3 | HIGH | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 7.3 | HIGH | 3.0 | cna | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 6.9 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
References (6)
- VDB-377887 | SourceCodester Online Book Store System login.php sql injection https://vuldb.com/vuln/377887
- VDB-377887 | CTI Indicators (IOB, IOC, TTP, IOA) https://vuldb.com/vuln/377887/cti
- CVE-2026-15537 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-15537
- Submit #855010 | SourceCodester Online Book Store System 1.0 SQL Injection https://vuldb.com/submit/855010
- https://medium.com/@gauravkumar67482/sql-injection-leading-to-authentication-bypass-43b773da1967
- https://www.sourcecodester.com/