Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
SourceCodester Online Library Management System SQL Injection Risk
CVE-2026-4624
Summary
The SourceCodester Online Library Management System may allow an attacker to inject malicious SQL code, potentially exposing sensitive data or allowing unauthorized access to the system. This can happen if an attacker manipulates a search field, which could be done remotely. Users of this system should update to a patched version as soon as possible.
Original title
A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing...
Original description
A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.
nvd CVSS2.0
7.5
nvd CVSS3.1
7.3
nvd CVSS4.0
6.9
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
Published: 24 Mar 2026 · Updated: 24 Mar 2026 · First seen: 24 Mar 2026