CVE-2026-15539
MEDIUM
4.7
CVSS 3.1
Description
A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
Metadata
Severity & Metrics
4.7
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| SourceCodester | Online Book Store System | — | 1.0 |
Weakness (CWE)
CVSS scores (4)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 5.8 | N/D | 2.0 | cna | AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR |
| 5.1 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| 4.7 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 4.7 | MEDIUM | 3.0 | cna | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
References (6)
- VDB-377889 | SourceCodester Online Book Store System Book Image Upload Feature index.php books unrestricted upload https://vuldb.com/vuln/377889
- VDB-377889 | CTI Indicators (IOB, IOC, TTP, IOA) https://vuldb.com/vuln/377889/cti
- CVE-2026-15539 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-15539
- Submit #855046 | SourceCodester Online Book Store System 1.0 Remote Code Execution https://vuldb.com/submit/855046
- https://medium.com/@hemantrajbhati5555/critical-authenticated-remote-code-execution-rce-via-unrestricted-file-upload-5a4a313ea1f1
- https://www.sourcecodester.com/