Local File Inclusion in SourceCodester Online Book Store System by SourceCodester
CVE-2026-15540
5.3MEDIUM
What is CVE-2026-15540?
A Local File Inclusion vulnerability exists in the SourceCodester Online Book Store System version 1.0. An improperly controlled filename for include/require statements in the /admin/index.php file allows attackers to manipulate the argument 'page', potentially leading to remote exploitation. This flaw can compromise the system's security, enabling unauthorized file access, and is actively being exploited in the wild. Administrators should ensure all components are updated and consider implementing security best practices to mitigate potential risks.
Affected Version(s)
Online Book Store System 1.0
