{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-37344", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-16T14:56:26.706Z", "dateReserved": "2026-04-06T00:00:00.000Z", "datePublished": "2026-04-16T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-16T14:56:26.706Z"}, "descriptions": [{"lang": "en", "value": "SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_location.php."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/mt-0505/cve-report/blob/main/sourcecodester/vehicle-parking-area-management-system/SQL-3.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_location.php."}], "id": "CVE-2026-37344", "lastModified": "2026-04-16T15:17:37.340", "metrics": {}, "published": "2026-04-16T15:17:37.340", "references": [{"source": "cve@mitre.org", "url": "https://github.com/mt-0505/cve-report/blob/main/sourcecodester/vehicle-parking-area-management-system/SQL-3.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "vehicle_parking_area_management_system", "vendor": "sourcecodester"}], "analysis": {"en": {"generated_at": "2026-04-17T04:57:40.711261+00:00", "value": {"mitigation_remediation": ["Apply the latest vendor patch or upgrade to a version that addresses the SQL injection flaw", "Refactor the application code to use prepared statements or parameterized queries for all database interactions", "Limit the database credentials used by the web application to the minimal privileges necessary to perform its functions"], "summary": {"action": "Apply Fix", "impact": "SQL Injection leading to potential data breach"}, "threat_synthesis": {"affected_systems": "The affected product is the SourceCodester Vehicle Parking Area Management System, version 1.0. No additional vendor or product information is provided beyond the mention of the managing locations module. The vulnerability exists in the manage_location.php script.\n", "description_and_impact": "The vulnerability is a classic SQL injection flaw located in the file /parking/manage_location.php of the SourceCodester Vehicle Parking Area Management System version 1.0. This weakness allows an attacker to inject arbitrary SQL statements that are executed by the underlying database engine. The consequences include unauthorized reading, modification, or deletion of parking records and potentially sensitive user information, thereby compromising confidentiality and integrity. The flaw maps to CWE\u201189.\n", "risk_and_exploitability": "Because the CVSS score is not given and EPSS data is unavailable, the exact severity and likelihood of exploitation cannot be quantified. However, as the attack vector is through the web interface, and the flaw permits arbitrary SQL code execution, the risk can be considered high if the application is publicly accessible. No entry in the CISA KEV catalog indicates that known exploits are not documented, but the absence of such a listing does not guarantee absence of real-world attacks. The best\u2011effort inference is that the attack likely requires authenticated access to the location management feature, but the description does not state authentication requirements explicitly. Given the classic nature of the issue, it is prudent to treat it as a significant exposure.\n"}}}}, "created": "2026-04-16T18:58:43.471294+00:00", "title": "Vehicle Parking Area Management System SQL Injection in Location Management", "updated": "2026-04-17T05:00:05.513334+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$vehicle_parking_area_management_system"], "weaknesses": ["CWE-89"]}