{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-37343", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-18T02:21:26.859Z", "dateReserved": "2026-04-06T00:00:00.000Z", "datePublished": "2026-04-16T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-16T14:53:42.067Z"}, "descriptions": [{"lang": "en", "value": "SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_user.php."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/mt-0505/cve-report/blob/main/sourcecodester/vehicle-parking-area-management-system/SQL-4.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-18T02:19:55.306773Z", "id": "CVE-2026-37343", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-18T02:21:26.859Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-37343", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-18T02:19:55.306773Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-18T02:21:20.479Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/mt-0505/cve-report/blob/main/sourcecodester/vehicle-parking-area-management-system/SQL-4.md"}], "descriptions": [{"lang": "en", "value": "SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_user.php."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-16T14:53:42.067Z"}}}, "cveMetadata": {"cveId": "CVE-2026-37343", "state": "PUBLISHED", "dateUpdated": "2026-04-18T02:21:26.859Z", "dateReserved": "2026-04-06T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-16T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_user.php."}], "id": "CVE-2026-37343", "lastModified": "2026-04-18T03:16:12.867", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-16T15:17:37.230", "references": [{"source": "cve@mitre.org", "url": "https://github.com/mt-0505/cve-report/blob/main/sourcecodester/vehicle-parking-area-management-system/SQL-4.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "vehicle_parking_area_management_system", "vendor": "sourcecodester"}], "analysis": {"en": {"generated_at": "2026-04-18T19:29:14.737723+00:00", "value": {"mitigation_remediation": ["Replace string\u2011concatenated SQL queries in /parking/manage_user.php with prepared statements or parameterized queries to ensure user input is never parsed as executable SQL.", "Validate and sanitize all user\u2011supplied data before it is passed to the database, rejecting or escaping SQL\u2011special characters where appropriate.", "If an official vendor patch or newer release is not available, deploy a web\u2011application firewall rule or server\u2011side filter that blocks common SQL injection payloads and suspicious keywords sent to the /parking/manage_user.php endpoint."], "summary": {"action": "Apply Mitigation", "impact": "Unauthorized Data Access"}, "threat_synthesis": {"affected_systems": "The affected product is SourceCodester Vehicle Parking Area Management System (v1.0). No other vendors or products are listed in the CNA data. The vulnerability resides specifically in the /parking/manage_user.php file, which handles user management functions, so any installation of version 1.0 that exposes this endpoint is vulnerable.", "description_and_impact": "The vulnerability is a classic SQL Injection flaw found in the /parking/manage_user.php file of SourceCodester Vehicle Parking Area Management System v1.0. It allows an attacker to inject arbitrary SQL statements into the database query that the application executes. Because the code concatenates user\u2011provided input directly into a SQL statement, the attacker can read, modify, or delete data stored in the backend database, and potentially manipulate the application\u2019s control flow. The weakness is CWE\u201189, which describes unsanitized SQL query handling that can lead to data confidentiality and integrity compromise.", "risk_and_exploitability": "The EPSS score of < 1% indicates a very low but nonzero probability of exploitation, while the CVSS score of 7.2 signifies high severity with potential for data confidentiality and integrity compromise. The vulnerability has not been listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector is HTTP, where the attacker submits crafted input to the /parking/manage_user.php form or query string. Successful exploitation requires the ability to send requests to the target server; no authentication is mentioned in the description, so the assumption is the endpoint is publicly reachable. The attacker can then alter or extract data, depending on privileges granted to the database user. Because the flaw is straightforward and no countermeasures are noted, the risk is moderate to high in environments where the vehicle parking area management system is exposed to untrusted users."}}}}, "created": "2026-04-16T18:58:44.474025+00:00", "updated": "2026-04-18T19:30:08.947639+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$vehicle_parking_area_management_system"]}