EUVD-2026-14698
GHSA-68f7-rw23-22jh
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4Description
A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.
Analysis
SQL injection in SourceCodester Online Library Management System 1.0 allows unauthenticated remote attackers to manipulate the searchField parameter in /home.php, enabling data exfiltration, modification, and potential service disruption. Public exploit code exists for this vulnerability, and no patch is currently available.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems running SourceCodester Online Library Management System 1.0 and assess whether they process sensitive data; isolate affected systems from production networks if possible and enable detailed logging on database connections. Within 7 days: Implement Web Application Firewall (WAF) rules blocking SQL injection patterns on the /home.php searchField parameter; restrict network access to the application to authorized users only via IP whitelisting or VPN; consider disabling the search functionality if operationally feasible. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today