Description
A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/require statement in php program. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Problem types
Improper Control of Filename for Include/Require Statement in PHP Program
Product status
Timeline
| 2026-07-12: | Advisory disclosed |
| 2026-07-12: | VulDB entry created |
| 2026-07-12: | VulDB entry last update |
Credits
Hemant Raj Bhati (VulDB User)
References
vuldb.com/vuln/377890 (VDB-377890 | SourceCodester Online Book Store System Administrative index.php php file inclusion)
vuldb.com/vuln/377890/cti (VDB-377890 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/cve/CVE-2026-15540 (CVE-2026-15540 | CVE Analysis and Report)
vuldb.com/submit/855048 (Submit #855048 | SourceCodester Online Book Store System 1.0 Local File Inclusion)
medium.com/...leading-to-source-code-disclosure-ce722de0c407
www.sourcecodester.com/