CVE-2026-36944
Received Received - Intake
SQL Injection in Sourcecodester Repair Shop Management System

Publication date: 2026-04-13

Last updated on: 2026-04-13

Assigner: MITRE

Description
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerale to SQL injection in the file/rsms/admin/repairs/view_details.php.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-13
Last Modified
2026-04-13
Generated
2026-06-16
AI Q&A
2026-04-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-36944
EUVD
EUVD-2026-21962
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sourcecodester computer_and_mobile_repair_shop_management_system 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The Computer and Mobile Repair Shop Management System v1.0 by Sourcecodester has an SQL injection vulnerability in the file /rsms/admin/repairs/view_details.php.

This vulnerability occurs because the id parameter in the URL /rsms/admin/?page=repairs/view_details&id= is not properly sanitized, allowing an attacker to inject malicious SQL code.

An attacker can exploit this by injecting SQL commands through the id parameter, such as using a UNION-based SQL injection to extract sensitive information like the current database name.

Impact Analysis

This SQL injection vulnerability can lead to unauthorized data leakage by allowing attackers to manipulate database queries.

Attackers may extract sensitive information from the database, compromising the confidentiality and integrity of the data stored in the system.

Detection Guidance

This SQL injection vulnerability can be detected by testing the `id` parameter in the URL `/rsms/admin/?page=repairs/view_details&id=` for SQL injection flaws.

A common detection method is to inject SQL payloads into the `id` parameter and observe the response for database errors or unexpected data.

For example, you can use the following URL payload to test for the vulnerability:

  • /rsms/admin/?page=repairs/view_details&id=-1' union select 1,database(),3,4,5,6,7,8,9,10--+

This payload attempts a UNION-based SQL injection to extract the current database name, which indicates the presence of the vulnerability.

Compliance Impact

The SQL injection vulnerability in the Sourcecodester Computer and Mobile Repair Shop Management System v1.0 allows unauthorized data leakage by exploiting the `id` parameter in the admin repair details page. This unauthorized access to sensitive data can compromise the confidentiality and integrity of the database.

Such a compromise can lead to violations of common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and breaches.

Mitigation Strategies

To mitigate the SQL injection vulnerability in the file `/rsms/admin/repairs/view_details.php`, immediate steps include:

  • Restrict or disable access to the vulnerable admin repair details page until a fix is applied.
  • Implement input validation and sanitization on the `id` parameter to prevent malicious SQL code injection.
  • Use prepared statements or parameterized queries in the PHP code to safely handle database queries involving user input.
  • Review and monitor database logs for suspicious activity related to the `id` parameter.
  • Update or patch the system if a vendor-provided fix becomes available.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36944. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart