Home / Vulnerability Intelligence / CVE-2026-37345

CVE-2026-37345 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: April 16, 2026

SourceCodester Vehicle Parking Area Management System - SQL Injection

Published: April 16, 2026Updated: April 16, 2026Remote Exploitable

Overview

SourceCodester Vehicle Parking Area Management System v1.0 contains a sql injection caused by improper sanitization in /parking/manage_park.php, letting attackers execute arbitrary SQL commands remotely, exploit requires crafted requests.

Severity & Score

Severity: Critical

CVSS Score: 9.8

Impact

Attackers can execute arbitrary SQL commands, potentially leading to data disclosure, modification, or full database compromise.

Mitigation

Update to the latest version or apply patches that fix SQL injection in /parking/manage_park.php.

References

https://github.com/mt-0505/cve-report/blob/main/sourcecodester/vehicle-parking-area-management-system/SQL-5.md

Related Resources

Details

CVE ID: CVE-2026-37345
Severity: Critical
CVSS Score: 9.8
Type: sql_injection
Status: new

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H