{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-36873", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-13T12:15:09.034Z", "dateReserved": "2026-04-06T00:00:00.000Z", "datePublished": "2026-04-13T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-13T12:15:09.034Z"}, "descriptions": [{"lang": "en", "value": "Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/Thirtypenny77/bug_report/blob/main/sourcecodester/basic-library-system/SQL-2.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php."}], "id": "CVE-2026-36873", "lastModified": "2026-04-13T13:16:41.553", "metrics": {}, "published": "2026-04-13T13:16:41.553", "references": [{"source": "cve@mitre.org", "url": "https://github.com/Thirtypenny77/bug_report/blob/main/sourcecodester/basic-library-system/SQL-2.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received"}

{}

{"analysis": {"en": {"generated_at": "2026-04-13T13:21:40.023432+00:00", "value": {"mitigation_remediation": ["Update or patch the source code to use prepared statements or parameterized queries for all database interactions in load_admin.php", "Apply input validation and sanitization to filter out malicious characters from user input", "Deploy an application firewall or WAF rules that block common SQL injection patterns", "Audit the database permissions to ensure that the database user has the least privilege needed for application operation", "Monitor logs for unusual query patterns and investigate any suspicious activity promptly"], "summary": {"action": "Apply Fix", "impact": "SQL injection that can allow attackers to read, modify, or delete data"}, "threat_synthesis": {"affected_systems": "This vulnerability impacts the open\u2011source Sourcecodester Basic Library System at version 1.0. No vendor or product name is listed beyond the project itself, and the affected component is the load_admin.php file inside the /librarysystem directory. Users running this exact version in any environment are at risk, regardless of host configuration.", "description_and_impact": "The flaw is a classic SQL injection in the load_admin.php endpoint of Sourcecodester Basic Library System v1.0. Because user input is incorporated into database queries without proper sanitization or parameterization, an attacker can inject arbitrary SQL statements. This could lead to unauthorized disclosure of sensitive data, alteration of library records, or even destruction of the underlying database. The vulnerability directly affects the confidentiality and integrity of the system, and may compromise availability if destructive queries are executed.", "risk_and_exploitability": "The risk is considered moderate to high because the exploit requires only Web access to the vulnerable endpoint, making it publicly exploitable. No exploit probability score is available and the vulnerability is not listed in the CISA KEV catalog, but the nature of SQL injection is well understood and provides a clear attack path. Attackers who can send malicious input to the endpoint can gain full database control, making this a significant threat for any deployment of the affected version."}}}}, "created": "2026-04-13T14:27:01.273286+00:00", "title": "SQL Injection in Sourcecodester Basic Library System v1.0", "updated": "2026-04-13T14:27:01.273315+00:00", "vendors": [], "weaknesses": ["CWE-89"]}