Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for Online Book Store System by SourceCodester

    CVE-2026-15540 (GCVE-0-2026-15540)

    Vulnerability from nvd – Published: 2026-07-13 06:30 – Updated: 2026-07-13 06:30 X_Freeware
    VLAI
    Title
    SourceCodester Online Book Store System Administrative index.php php file inclusion
    Summary
    A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/require statement in php program. It is possible to initiate the attack remotely. The exploit is now public and may be used.
    CWE
    • CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program
    • CWE-73 - File Inclusion
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/377890 vdb-entrytechnical-description
    https://vuldb.com/vuln/377890/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15540 third-party-advisory
    https://vuldb.com/submit/855048 third-party-advisory
    https://medium.com/@hemantrajbhati5555/local-file… broken-linkexploit
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Online Book Store System Affected: 1.0
        cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Hemant Raj Bhati (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Administrative Interface"
              ],
              "product": "Online Book Store System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Hemant Raj Bhati (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/require statement in php program. It is possible to initiate the attack remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-98",
                  "description": "Improper Control of Filename for Include/Require Statement in PHP Program",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "File Inclusion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T06:30:08.672Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377890 | SourceCodester Online Book Store System Administrative index.php php file inclusion",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/377890"
            },
            {
              "name": "VDB-377890 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377890/cti"
            },
            {
              "name": "CVE-2026-15540 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15540"
            },
            {
              "name": "Submit #855048 | SourceCodester Online Book Store System 1.0 Local File Inclusion",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855048"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://medium.com/@hemantrajbhati5555/local-file-inclusion-lfi-via-page-parameter-leading-to-source-code-disclosure-ce722de0c407"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-12T20:12:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Online Book Store System Administrative index.php php file inclusion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15540",
        "datePublished": "2026-07-13T06:30:08.672Z",
        "dateReserved": "2026-07-12T18:07:43.505Z",
        "dateUpdated": "2026-07-13T06:30:08.672Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15539 (GCVE-0-2026-15539)

    Vulnerability from nvd – Published: 2026-07-13 06:15 – Updated: 2026-07-13 06:15 X_Freeware
    VLAI
    Title
    SourceCodester Online Book Store System Book Image Upload Feature index.php books unrestricted upload
    Summary
    A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    SourceCodester Online Book Store System Affected: 1.0
        cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Hemant Raj Bhati (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Book Image Upload Feature"
              ],
              "product": "Online Book Store System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Hemant Raj Bhati (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.8,
                "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T06:15:07.726Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377889 | SourceCodester Online Book Store System Book Image Upload Feature index.php books unrestricted upload",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/377889"
            },
            {
              "name": "VDB-377889 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377889/cti"
            },
            {
              "name": "CVE-2026-15539 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15539"
            },
            {
              "name": "Submit #855046 | SourceCodester Online Book Store System 1.0 Remote Code Execution",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855046"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://medium.com/@hemantrajbhati5555/critical-authenticated-remote-code-execution-rce-via-unrestricted-file-upload-5a4a313ea1f1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-12T20:09:51.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Online Book Store System Book Image Upload Feature index.php books unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15539",
        "datePublished": "2026-07-13T06:15:07.726Z",
        "dateReserved": "2026-07-12T18:04:47.797Z",
        "dateUpdated": "2026-07-13T06:15:07.726Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15537 (GCVE-0-2026-15537)

    Vulnerability from nvd – Published: 2026-07-13 05:45 – Updated: 2026-07-13 05:45 X_Freeware
    VLAI
    Title
    SourceCodester Online Book Store System login.php sql injection
    Summary
    A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/377887 vdb-entrytechnical-description
    https://vuldb.com/vuln/377887/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15537 third-party-advisory
    https://vuldb.com/submit/855010 third-party-advisory
    https://medium.com/@gauravkumar67482/sql-injectio… broken-linkexploit
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Online Book Store System Affected: 1.0
        cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Gaurav kumar (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Online Book Store System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Gaurav kumar (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T05:45:09.011Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377887 | SourceCodester Online Book Store System login.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/377887"
            },
            {
              "name": "VDB-377887 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377887/cti"
            },
            {
              "name": "CVE-2026-15537 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15537"
            },
            {
              "name": "Submit #855010 | SourceCodester Online Book Store System 1.0 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855010"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://medium.com/@gauravkumar67482/sql-injection-leading-to-authentication-bypass-43b773da1967"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-12T20:05:34.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Online Book Store System login.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15537",
        "datePublished": "2026-07-13T05:45:09.011Z",
        "dateReserved": "2026-07-12T18:00:30.574Z",
        "dateUpdated": "2026-07-13T05:45:09.011Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15532 (GCVE-0-2026-15532)

    Vulnerability from nvd – Published: 2026-07-13 04:30 – Updated: 2026-07-13 04:30 X_Freeware
    VLAI
    Title
    SourceCodester Online Book Store System User Management cross site scripting
    Summary
    A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation of the argument Name/Username leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/377877 vdb-entrytechnical-description
    https://vuldb.com/vuln/377877/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15532 third-party-advisory
    https://vuldb.com/submit/854983 third-party-advisory
    https://medium.com/@gauravkumar67482/authenticate… broken-linkexploit
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Online Book Store System Affected: 1.0
        cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Gaurav kumar (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "User Management Module"
              ],
              "product": "Online Book Store System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Gaurav kumar (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation of the argument Name/Username leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 3.3,
                "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T04:30:08.174Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377877 | SourceCodester Online Book Store System User Management cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/377877"
            },
            {
              "name": "VDB-377877 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377877/cti"
            },
            {
              "name": "CVE-2026-15532 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15532"
            },
            {
              "name": "Submit #854983 | SourceCodester Online Book Store System 1.0 Stored Cross-Site Scripting (Authenticated)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/854983"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://medium.com/@gauravkumar67482/authenticated-stored-cross-site-scripting-xss-in-user-management-module-2c2ba72b2cdf"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-12T18:05:18.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Online Book Store System User Management cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15532",
        "datePublished": "2026-07-13T04:30:08.174Z",
        "dateReserved": "2026-07-12T16:00:14.084Z",
        "dateUpdated": "2026-07-13T04:30:08.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15540 (GCVE-0-2026-15540)

    Vulnerability from cvelistv5 – Published: 2026-07-13 06:30 – Updated: 2026-07-13 06:30 X_Freeware
    VLAI
    Title
    SourceCodester Online Book Store System Administrative index.php php file inclusion
    Summary
    A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/require statement in php program. It is possible to initiate the attack remotely. The exploit is now public and may be used.
    CWE
    • CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program
    • CWE-73 - File Inclusion
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/377890 vdb-entrytechnical-description
    https://vuldb.com/vuln/377890/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15540 third-party-advisory
    https://vuldb.com/submit/855048 third-party-advisory
    https://medium.com/@hemantrajbhati5555/local-file… broken-linkexploit
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Online Book Store System Affected: 1.0
        cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Hemant Raj Bhati (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Administrative Interface"
              ],
              "product": "Online Book Store System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Hemant Raj Bhati (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/require statement in php program. It is possible to initiate the attack remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-98",
                  "description": "Improper Control of Filename for Include/Require Statement in PHP Program",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "File Inclusion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T06:30:08.672Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377890 | SourceCodester Online Book Store System Administrative index.php php file inclusion",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/377890"
            },
            {
              "name": "VDB-377890 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377890/cti"
            },
            {
              "name": "CVE-2026-15540 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15540"
            },
            {
              "name": "Submit #855048 | SourceCodester Online Book Store System 1.0 Local File Inclusion",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855048"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://medium.com/@hemantrajbhati5555/local-file-inclusion-lfi-via-page-parameter-leading-to-source-code-disclosure-ce722de0c407"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-12T20:12:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Online Book Store System Administrative index.php php file inclusion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15540",
        "datePublished": "2026-07-13T06:30:08.672Z",
        "dateReserved": "2026-07-12T18:07:43.505Z",
        "dateUpdated": "2026-07-13T06:30:08.672Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15539 (GCVE-0-2026-15539)

    Vulnerability from cvelistv5 – Published: 2026-07-13 06:15 – Updated: 2026-07-13 06:15 X_Freeware
    VLAI
    Title
    SourceCodester Online Book Store System Book Image Upload Feature index.php books unrestricted upload
    Summary
    A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    SourceCodester Online Book Store System Affected: 1.0
        cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Hemant Raj Bhati (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Book Image Upload Feature"
              ],
              "product": "Online Book Store System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Hemant Raj Bhati (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.8,
                "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T06:15:07.726Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377889 | SourceCodester Online Book Store System Book Image Upload Feature index.php books unrestricted upload",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/377889"
            },
            {
              "name": "VDB-377889 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377889/cti"
            },
            {
              "name": "CVE-2026-15539 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15539"
            },
            {
              "name": "Submit #855046 | SourceCodester Online Book Store System 1.0 Remote Code Execution",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855046"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://medium.com/@hemantrajbhati5555/critical-authenticated-remote-code-execution-rce-via-unrestricted-file-upload-5a4a313ea1f1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-12T20:09:51.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Online Book Store System Book Image Upload Feature index.php books unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15539",
        "datePublished": "2026-07-13T06:15:07.726Z",
        "dateReserved": "2026-07-12T18:04:47.797Z",
        "dateUpdated": "2026-07-13T06:15:07.726Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15537 (GCVE-0-2026-15537)

    Vulnerability from cvelistv5 – Published: 2026-07-13 05:45 – Updated: 2026-07-13 05:45 X_Freeware
    VLAI
    Title
    SourceCodester Online Book Store System login.php sql injection
    Summary
    A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/377887 vdb-entrytechnical-description
    https://vuldb.com/vuln/377887/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15537 third-party-advisory
    https://vuldb.com/submit/855010 third-party-advisory
    https://medium.com/@gauravkumar67482/sql-injectio… broken-linkexploit
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Online Book Store System Affected: 1.0
        cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Gaurav kumar (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Online Book Store System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Gaurav kumar (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T05:45:09.011Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377887 | SourceCodester Online Book Store System login.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/377887"
            },
            {
              "name": "VDB-377887 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377887/cti"
            },
            {
              "name": "CVE-2026-15537 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15537"
            },
            {
              "name": "Submit #855010 | SourceCodester Online Book Store System 1.0 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855010"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://medium.com/@gauravkumar67482/sql-injection-leading-to-authentication-bypass-43b773da1967"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-12T20:05:34.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Online Book Store System login.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15537",
        "datePublished": "2026-07-13T05:45:09.011Z",
        "dateReserved": "2026-07-12T18:00:30.574Z",
        "dateUpdated": "2026-07-13T05:45:09.011Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15532 (GCVE-0-2026-15532)

    Vulnerability from cvelistv5 – Published: 2026-07-13 04:30 – Updated: 2026-07-13 04:30 X_Freeware
    VLAI
    Title
    SourceCodester Online Book Store System User Management cross site scripting
    Summary
    A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation of the argument Name/Username leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/377877 vdb-entrytechnical-description
    https://vuldb.com/vuln/377877/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15532 third-party-advisory
    https://vuldb.com/submit/854983 third-party-advisory
    https://medium.com/@gauravkumar67482/authenticate… broken-linkexploit
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Online Book Store System Affected: 1.0
        cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Gaurav kumar (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "User Management Module"
              ],
              "product": "Online Book Store System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Gaurav kumar (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation of the argument Name/Username leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 3.3,
                "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T04:30:08.174Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377877 | SourceCodester Online Book Store System User Management cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/377877"
            },
            {
              "name": "VDB-377877 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377877/cti"
            },
            {
              "name": "CVE-2026-15532 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15532"
            },
            {
              "name": "Submit #854983 | SourceCodester Online Book Store System 1.0 Stored Cross-Site Scripting (Authenticated)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/854983"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://medium.com/@gauravkumar67482/authenticated-stored-cross-site-scripting-xss-in-user-management-module-2c2ba72b2cdf"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-12T18:05:18.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Online Book Store System User Management cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15532",
        "datePublished": "2026-07-13T04:30:08.174Z",
        "dateReserved": "2026-07-12T16:00:14.084Z",
        "dateUpdated": "2026-07-13T04:30:08.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }