Local File Inclusion in SourceCodester Online Book Store System by SourceCodester
CVE-2026-15540

5.3MEDIUM

Key Information:

Vendor
CVE Published:
13 July 2026

What is CVE-2026-15540?

A Local File Inclusion vulnerability exists in the SourceCodester Online Book Store System version 1.0. An improperly controlled filename for include/require statements in the /admin/index.php file allows attackers to manipulate the argument 'page', potentially leading to remote exploitation. This flaw can compromise the system's security, enabling unauthorized file access, and is actively being exploited in the wild. Administrators should ensure all components are updated and consider implementing security best practices to mitigate potential risks.

Affected Version(s)

Online Book Store System 1.0

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hemant Raj Bhati (VulDB User)
.