GHSA-gxqv-hc62-jvc7LowCVSS 4.3
A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element...
🔗 CVE IDs covered (1)
📋 Description
A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/require statement in php program. It is possible to initiate the attack remotely. The exploit is now public and may be used.
🔗 References (8)
- https://nvd.nist.gov/vuln/detail/CVE-2026-15540
- https://medium.com/@hemantrajbhati5555/local-file-inclusion-lfi-via-page-parameter-leading-to-source-code-disclosure-ce722de0c407
- https://vuldb.com/cve/CVE-2026-15540
- https://vuldb.com/submit/855048
- https://vuldb.com/vuln/377890
- https://vuldb.com/vuln/377890/cti
- https://www.sourcecodester.com
- https://github.com/advisories/GHSA-gxqv-hc62-jvc7