PatchSiren cyber security CVE debrief

CVE-2026-36946 Oretnom23 CVE debrief

CVE-2026-36946 is an SQL injection vulnerability reported in Sourcecodester Computer and Mobile Repair Shop Management System v1.0, specifically in /rsms/admin/inquiries/view_details.php. NVD classifies the issue as CWE-89 and assigns a low CVSS score, with the vector indicating network access and high privileges required. Because the issue is tied to an administrative path and requires elevated privileges, it is not the kind of flaw that typically broadens exposure by itself. Even so, SQL injection can still put application data at risk if an attacker gains the necessary access. The CVE was first published on 2026-04-13 and later modified on 2026-05-10, so defenders should use the updated record and reference advisory when validating exposure.

Vendor: Oretnom23
Product: CVE-2026-36946
CVSS: LOW 2.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-13
Original CVE updated: 2026-05-10
Advisory published: 2026-04-13
Advisory updated: 2026-05-10

Who should care

Administrators and maintainers of Sourcecodester Computer and Mobile Repair Shop Management System v1.0, especially any deployment exposing the /rsms/admin/ area to authenticated users.

Technical summary

NVD describes CVE-2026-36946 as an SQL injection weakness in /rsms/admin/inquiries/view_details.php in Computer and Mobile Repair Shop Management System v1.0. The record maps the flaw to CWE-89 and lists CVSS 3.1 vector AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N, which indicates network reachability, low attack complexity, no user interaction, and a high privilege requirement.

Defensive priority

Low to moderate. The CVSS score is low, but the issue still matters because SQL injection can expose sensitive data or enable broader compromise if an attacker obtains the required privileges.

Recommended defensive actions

  • Verify whether Computer and Mobile Repair Shop Management System v1.0 is deployed in your environment.
  • Review /rsms/admin/inquiries/view_details.php and related request handling for unsafe SQL query construction.
  • Apply the vendor or project fix if one is available, or retire the affected version if no patch exists.
  • Restrict access to administrative endpoints with least-privilege controls and strong authentication.
  • Monitor application and database logs for unusual query patterns or unexpected administrative activity.
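
One way to act on the log-monitoring item, as an added example that is not part of the NVD record or the vendor's code: a small scan of web access logs for requests to the affected path whose query parameters carry SQL syntax. It assumes the Apache/Nginx "combined" log format; the marker list is a heuristic to tune locally, and the sample lines, including the "id" parameter name, are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Path named in the CVE record.
TARGET_PATH = "/rsms/admin/inquiries/view_details.php"

# Heuristic markers of SQL syntax in a parameter value (assumption, not from the advisory).
SQL_MARKERS = re.compile(
    r"['\"`]|--|/\*|\b(?:union|select|sleep|benchmark|information_schema)\b",
    re.IGNORECASE,
)

# "combined" access log: client ip, timestamp, request line, status code.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample input: one benign view, two suspicious, one other path, one malformed.
SAMPLE_LOG = [
    '198.51.100.7 - admin [14/Apr/2026:09:12:01 +0000] "GET /rsms/admin/inquiries/view_details.php?id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - admin [14/Apr/2026:09:13:02 +0000] "GET /rsms/admin/inquiries/view_details.php?id=12%27 HTTP/1.1" 200 5340',
    '203.0.113.9 - admin [14/Apr/2026:09:13:40 +0000] "GET /rsms/admin/inquiries/view_details.php?id=12+union+select+1 HTTP/1.1" 200 5388',
    '198.51.100.7 - admin [14/Apr/2026:09:14:10 +0000] "GET /rsms/admin/index.php?q=o%27brien HTTP/1.1" 200 812',
    'truncated line without a request',
]

def suspicious_requests(lines):
    """Return one finding per query parameter on TARGET_PATH that contains SQL markers."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = urlsplit(m["uri"])
        if url.path != TARGET_PATH:
            continue
        # parse_qsl percent-decodes values, so encoded quotes and keywords are seen in clear.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if SQL_MARKERS.search(value):
                findings.append({"ip": m["ip"], "ts": m["ts"], "param": name,
                                 "value": value, "status": int(m["status"])})
    return findings

if __name__ == "__main__":
    for f in suspicious_requests(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['param']}={f['value']!r} -> HTTP {f['status']}")
```

Access logs record only the URL, so parameters sent in a POST body need application or database query logging to be covered.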

Evidence notes

Supported by the NVD CVE record and the linked third-party advisory referenced in the CVE metadata. The supplied NVD data lists the vulnerability as CWE-89 with CVSS vector AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N and marks the record as Modified on 2026-05-10.

Official resources

Published 2026-04-13T14:16:13.883Z; modified 2026-05-10T14:16:50.183Z.