CVE-2026-36872
SQL Injection in Sourcecodester Basic Library System Load_Book.php
Publication date: 2026-04-13
Last updated on: 2026-04-14
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| razormist | basic_library_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The Basic Library System v1.0 by sourcecodester has an SQL injection vulnerability in the file `/librarysystem/load_book.php`.
Specifically, the vulnerability exists in the `book_id` parameter of the GET request to `/librarysystem/load_book.php?book_id=`.
An attacker can manipulate this parameter to execute arbitrary SQL queries on the backend database.
For example, an attacker can use a payload like `/librarysystem/load_book.php?book_id=-1' union select 1,2,database(),4,5,6,7--` to leak the current database name.
This vulnerability allows unauthorized disclosure of data from the database.
How can this vulnerability impact me? :
This SQL injection vulnerability can allow attackers to execute arbitrary SQL commands on the backend database.
As a result, attackers may gain unauthorized access to sensitive data stored in the database.
This can lead to data leakage, data manipulation, or even deletion of critical information.
Such impacts can compromise the confidentiality, integrity, and availability of the system's data.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending specially crafted HTTP GET requests to the vulnerable endpoint and observing the response for signs of SQL injection.
Specifically, you can test the `book_id` parameter in the URL `/librarysystem/load_book.php` by injecting SQL payloads.
- Use a curl command to send a test payload that attempts to exploit the SQL injection, for example:
- curl "http://<target>/librarysystem/load_book.php?book_id=-1' union select 1,2,database(),4,5,6,7--"
If the response contains the database name or other unexpected data, it indicates the presence of the SQL injection vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The SQL injection vulnerability in the Basic Library System v1.0 allows unauthorized data disclosure by manipulating the database through the `book_id` parameter. This unauthorized access to potentially sensitive data could lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require safeguarding personal and sensitive information from unauthorized access or breaches.
Specifically, if the compromised database contains personal data protected under these regulations, the vulnerability could result in data breaches, violating requirements for data confidentiality, integrity, and security.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the SQL injection vulnerability in the Basic Library System v1.0, immediate steps include sanitizing and validating the `book_id` parameter in the `/librarysystem/load_book.php` file to prevent injection of malicious SQL code.
Implement prepared statements or parameterized queries in the PHP code to safely handle user input.
Restrict database permissions to limit the impact of any potential injection.
If possible, apply any available patches or updates from the vendor or sourcecodester.
Monitor logs for suspicious activity related to the `book_id` parameter.