PatchSiren cyber security CVE debrief
CVE-2026-15540 SourceCodester CVE debrief
A low-severity LFI vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/require statement in php program. The vulnerability has a CVSS score of 2.1 and is considered low-severity. This vulnerability allows attackers to include arbitrary files, potentially leading to code execution or information disclosure.
- Vendor
- SourceCodester
- Product
- Online Book Store System
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of SourceCodester Online Book Store System 1.0 should be aware of this LFI vulnerability and take steps to mitigate it. Operators, administrators, and security teams should review the vulnerability and implement compensating controls if necessary. They should also verify affected scope, review relevant monitoring, detection, and logs for exposed assets, and track exceptions.
Technical summary
The vulnerability is caused by improper control of filename for include/require statement in php program. Performing a manipulation of the argument page results in LFI. The affected product is SourceCodester Online Book Store System 1.0. This LFI vulnerability allows attackers to include arbitrary files, potentially leading to code execution or information disclosure. The vulnerability has a CVSS score of 2.1 and is considered low-severity.
Defensive priority
Low priority, but recommended to address due to public exploit availability.
Recommended defensive actions
- Inventory and verify affected scope
- Check for vendor remediation
- Implement compensating controls
- Monitor for exploitation attempts
- Review relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
Evidence is limited. Official records indicate a low-severity LFI vulnerability. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface in SourceCodester Online Book Store System 1.0. Defenders should verify affected scope and take steps to mitigate the vulnerability. The exploit is publicly available, and defenders should review relevant monitoring, detection, and logs for exposed assets that need extra review.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T08:16:20.403Z and has not been modified since then.