{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-37589", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-14T15:33:11.824Z", "dateReserved": "2026-04-06T00:00:00.000Z", "datePublished": "2026-04-14T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-14T13:54:17.161Z"}, "descriptions": [{"lang": "en", "value": "SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/maintenance/manage_storage_unit.php."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/shininadd/cve_report/blob/main/sourcecodester/storage-unit-rental-management-system/SQL-3.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T15:32:44.731003Z", "id": "CVE-2026-37589", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T15:33:11.824Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-37589", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T15:32:44.731003Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T15:33:04.314Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/shininadd/cve_report/blob/main/sourcecodester/storage-unit-rental-management-system/SQL-3.md"}], "descriptions": [{"lang": "en", "value": "SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/maintenance/manage_storage_unit.php."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-14T13:54:17.161Z"}}}, "cveMetadata": {"cveId": "CVE-2026-37589", "state": "PUBLISHED", "dateUpdated": "2026-04-14T15:33:11.824Z", "dateReserved": "2026-04-06T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-14T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/maintenance/manage_storage_unit.php."}], "id": "CVE-2026-37589", "lastModified": "2026-04-14T16:16:40.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-14T15:16:32.677", "references": [{"source": "cve@mitre.org", "url": "https://github.com/shininadd/cve_report/blob/main/sourcecodester/storage-unit-rental-management-system/SQL-3.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "storage_unit_rental_management_system", "vendor": "sourcecodester"}], "analysis": {"en": {"generated_at": "2026-04-14T15:52:55.145350+00:00", "value": {"mitigation_remediation": ["Deploy the latest patched version of the application that removes the injection flaw.", "If an upgrade is not possible, restrict the /storage/admin/maintenance path to a single administrative account and enforce strong authentication mechanisms.", "Sanitize all user\u2011provided input and implement parameterized queries or proper escaping within the PHP code.", "Disable PHP error display to prevent leakage of database structure and enable secure logging of anomalies."], "summary": {"action": "Immediate Patch", "impact": "Data Compromise"}, "threat_synthesis": {"affected_systems": "The system affected is SourceCodester Storage Unit Rental Management System, version 1.0. No other versions or variants are listed as affected. The application is deployed in a web environment and the vulnerability resides in the administration interface located at /storage/admin/maintenance/manage_storage_unit.php.", "description_and_impact": "The Vulnerability is a classic SQL injection flaw located in the PHP file that handles storage unit management. By embedding crafted SQL fragments into form inputs, an attacker can alter the structure of the database query. The result is the ability to read, modify, or delete protected data, thereby compromising confidentiality, integrity, and potentially availability of the system's records.", "risk_and_exploitability": "The likely attack vector is a web\u2011based request to the admin panel and requires the attacker to inject data into user\u2011controlled inputs. Based on the description, it is inferred that authentication to the admin panel may be necessary, but the vulnerability could be triggered by any input that is not properly sanitized. The CVSS score is not provided, EPSS is unavailable, and the vulnerability is not listed in the CISA KEV catalog, leaving the precise exploitation likelihood undefined. Nonetheless, the presence of an SQL injection flaw presents a high potential for data compromise if sufficient access can be obtained."}}}}, "created": "2026-04-14T16:16:51.458615+00:00", "title": "SQL Injection in Storage Unit Rental Management System", "updated": "2026-04-14T16:31:57.907823+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$storage_unit_rental_management_system"], "weaknesses": ["CWE-89"]}