{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-36947", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-13T20:26:01.343Z", "dateReserved": "2026-04-06T00:00:00.000Z", "datePublished": "2026-04-13T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-13T13:04:46.330Z"}, "descriptions": [{"lang": "en", "value": "Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/view_service.php."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/computer-and-mobile-repair-shop-management-system/SQL-5.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T20:25:39.368922Z", "id": "CVE-2026-36947", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T20:26:01.343Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-36947", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T20:25:39.368922Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T20:25:57.810Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/computer-and-mobile-repair-shop-management-system/SQL-5.md"}], "descriptions": [{"lang": "en", "value": "Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/view_service.php."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-13T13:04:46.330Z"}}}, "cveMetadata": {"cveId": "CVE-2026-36947", "state": "PUBLISHED", "dateUpdated": "2026-04-13T20:26:01.343Z", "dateReserved": "2026-04-06T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-13T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oretnom23:computer_and_mobile_repair_shop_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E67CA652-A839-4363-98A3-59009A27A755", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/view_service.php."}], "id": "CVE-2026-36947", "lastModified": "2026-04-14T17:43:58.490", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-13T14:16:14.007", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/huliangjia/bug_report/blob/main/Sourcecodester/computer-and-mobile-repair-shop-management-system/SQL-5.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "computer_and_mobile_repair_shop_management_system", "vendor": "sourcecodester"}], "analysis": {"en": {"generated_at": "2026-04-14T18:25:38.181797+00:00", "value": {"mitigation_remediation": ["Update the application to the latest version if one is available.", "Validate and sanitize all user input that is incorporated into SQL queries, particularly the parameters used in view_service.php.", "Use prepared statements or parameterized queries to prevent direct inclusion of user input in SQL statements.", "Restrict access to administrative pages to authenticated and authorized users, and consider limiting access to trusted IP ranges.", "Monitor application logs for suspicious SQL activity and apply web application firewall rules to block malformed queries."], "summary": {"action": "Apply Patch", "impact": "Unauthorized Data Access"}, "threat_synthesis": {"affected_systems": "The affected product is the Sourcecodester Computer and Mobile Repair Shop Management System, version 1.0, deployed as a PHP web application on a web server. No official vendor is listed, and the product appears to be community\u2011produced. Systems running this version with the view_service.php file exposed to unauthenticated or weakly authenticated users are at risk.", "description_and_impact": "The vulnerability resides in the file /rsms/admin/services/view_service.php of the Computer and Mobile Repair Shop Management System version 1.0. An attacker can inject arbitrary SQL through input parameters, allowing the execution of unauthorized queries. This can lead to unauthorized data retrieval, modification, or deletion of sensitive business information such as service records, customer details, or financial data. The weakness is identified as SQL Injection (CWE\u201189).", "risk_and_exploitability": "The CVSS score of 2.7 indicates a low severity, and an EPSS score below 1% suggests the vulnerability is unlikely to be widely exploited in the near term. It is not listed in the CISA KEV catalog. The likely attack vector is through the web interface, where an attacker submits a specially crafted request to the view_service.php script. No official patch or workaround is documented, so the vulnerability remains exploitable until the application is updated or input handling is hardened."}}}}, "created": "2026-04-14T16:19:35.616257+00:00", "updated": "2026-04-15T15:45:07.543208+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$computer_and_mobile_repair_shop_management_system"]}