CVE-2026-36944
Description
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/view_details.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection vulnerability in Sourcecodester Computer and Mobile Repair Shop Management System v1.0 allows authenticated admin users to extract database information via the `id` parameter in view_details.php.
Vulnerability
A SQL injection vulnerability exists in /rsms/admin/repairs/view_details.php of the Sourcecodester Computer and Mobile Repair Shop Management System v1.0. The id parameter in the GET request is not properly sanitized, allowing an authenticated admin to inject arbitrary SQL queries.
Exploitation
An attacker with admin credentials (e.g., admin/admin123) can exploit the vulnerability by sending a crafted request to /rsms/admin/?page=repairs/view_details&id=-1' union select 1,database(),3,4,5,6,7,8,9,10--+. This payload extracts the database name and other data from the rsms_db database. The PoC is provided in the advisory [1].
Impact
Successful exploitation allows an admin-level attacker to read sensitive database contents, potentially exposing user credentials, repair details, and other confidential information. The CVSS v3 score is 2.7 (Low) due to the required authentication and limited impact.
Mitigation
No official patch has been released as of the publication date. Users should apply input validation or parameterized queries to mitigate the risk. It is advisable to restrict admin access and monitor for unusual SQL patterns.
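As an added example (not the project's own code), a hypothetical reconstruction of the query pattern the advisory describes in view_details.php, placed beside the parameterized form the mitigation recommends; the `repairs` table, the mysqli connection details and the mysqlnd-backed `get_result()` are assumptions.

```php
<?php
// Added example, not the project's code: a hypothetical reconstruction of the
// pattern described for view_details.php, next to the recommended fix.
// Assumptions: a mysqli connection, a table named `repairs`, mysqlnd available.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Vulnerable pattern: the untrusted `id` query-string value is spliced into the
// SQL text, so characters under the caller's control change the query structure.
function get_repair_vulnerable(mysqli $conn, string $id): ?array
{
    $sql = "SELECT * FROM repairs WHERE id = '" . $id . "'";
    $res = $conn->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// Hardened form: validate the type first, then bind the value in a prepared
// statement so it is only ever treated as data, never as SQL.
function get_repair_safe(mysqli $conn, string $id): ?array
{
    $opts = ['options' => ['min_range' => 1]];
    if (filter_var($id, FILTER_VALIDATE_INT, $opts) === false) {
        return null;  // reject anything that is not a positive integer
    }
    $idInt = (int) $id;
    $stmt = $conn->prepare("SELECT * FROM repairs WHERE id = ?");
    $stmt->bind_param('i', $idInt);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Dispatch as the page would. A rejected id is logged: repeated rejections on
// this endpoint from one admin session are the "unusual SQL patterns" signal
// the mitigation text refers to, made concrete.
$conn = new mysqli('localhost', 'dbuser', 'dbpass', 'rsms_db'); // assumed credentials
$row = get_repair_safe($conn, (string) ($_GET['id'] ?? ''));
if ($row === null) {
    http_response_code(400);
    error_log('view_details: rejected id=' . json_encode($_GET['id'] ?? null));
    exit('Invalid repair id');
}
header('Content-Type: application/json');
echo json_encode($row);
```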
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.