CVE-2026-37345
Published: 16 April 2026
Summary
CVE-2026-37345 is a critical-severity SQL Injection (CWE-89) vulnerability. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 26.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-37345 is a SQL Injection vulnerability (CWE-89) in SourceCodester Vehicle Parking Area Management System version 1.0, affecting the file /parking/manage_park.php. Published on 2026-04-16T15:17:37.447, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical due to its potential for severe impact across confidentiality, integrity, and availability.
A remote, network-reachable attacker needs neither privileges nor user interaction, and attack complexity is low. Because the injected input reaches the SQL statement issued by /parking/manage_park.php, successful exploitation lets the attacker reshape that query: reading data they are not authorized to see (confidentiality), altering or deleting stored records (integrity), and disrupting the service (availability), which is why all three CVSS impact metrics are rated High.
Mitigation details are available in the referenced advisory at https://github.com/mt-0505/cve-report/blob/main/sourcecodester/vehicle-parking-area-management-system/SQL-5.md.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-23262
Vulnerability details
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_park.php.
- CWE(s): CWE-89 (Improper Neutralization of Special Elements used in an SQL Command, 'SQL Injection')
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SQL injection in a public-facing web application maps directly to T1190: remote, unauthenticated exploitation of the exposed application that leads to data access and manipulation.
Affected Assets
- SourceCodester Vehicle Parking Area Management System 1.0 (file /parking/manage_park.php)
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly prevents SQL injection by requiring validation and sanitization of user input to /parking/manage_park.php before it reaches the database; in practice this means validating the input's shape and passing it to the query as a bound parameter rather than concatenating it into SQL text.
- SI-2 (Flaw Remediation): Addresses the CVE by identifying, reporting, and remediating the specific SQL injection flaw in the application code, i.e. patching manage_park.php rather than relying on perimeter filtering alone.
- Input restriction at entry points: Mitigates SQL injection by restricting inputs at the application's entry points to approved types, content, and formats, so that payloads containing SQL metacharacters are rejected before processing.
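The following is an added illustrative example, not code from the SourceCodester project or the referenced advisory. It shows the CWE-89 pattern the exploitation section above describes (a request value concatenated into SQL text) beside the validated, parameterized form that the SI-10 control calls for. The table name `park_list`, its columns, and the `id` parameter are assumptions; the advisory page does not state which parameter of manage_park.php is injectable. An in-memory SQLite database stands in for the application's real database so the script runs stand-alone.

```php
<?php
// Added example (not the project's code). Table, columns and the `id`
// parameter are assumed for illustration only.
declare(strict_types=1);

// In-memory SQLite stands in for the application's database; sample rows
// are constructed for the demonstration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE park_list (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)');
$db->exec("INSERT INTO park_list VALUES (1, 'Lot A', 'alice'), (2, 'Lot B', 'bob'), (3, 'Lot C', 'carol')");

// VULNERABLE (CWE-89): the request value becomes part of the SQL text, so the
// attacker controls the query's structure, not merely a compared value.
function lookupParkVulnerable(PDO $db, string $id): array
{
    $sql = "SELECT id, name, owner FROM park_list WHERE id = '" . $id . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED (SI-10 style): reject anything that is not a short decimal integer,
// then bind the value as a typed parameter so the database engine never parses
// attacker-supplied bytes as SQL.
function lookupParkFixed(PDO $db, string $id): array
{
    if (!preg_match('/^\d{1,10}$/', $id)) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $db->prepare('SELECT id, name, owner FROM park_list WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$benign  = '2';
$payload = "2' OR '1'='1";   // constructed tautology payload, closes the quote and appends an always-true clause

printf("vulnerable, benign : %d row(s)\n", count(lookupParkVulnerable($db, $benign)));
printf("vulnerable, payload: %d row(s)\n", count(lookupParkVulnerable($db, $payload)));
printf("fixed, benign      : %d row(s)\n", count(lookupParkFixed($db, $benign)));
try {
    lookupParkFixed($db, $payload);
    echo "fixed, payload     : unexpectedly accepted\n";
} catch (InvalidArgumentException $e) {
    echo "fixed, payload     : rejected (" . $e->getMessage() . ")\n";
}
```

Run with `php example.php`. With the benign value both functions return the single matching row. With the tautology payload the vulnerable function's WHERE clause becomes `id = '2' OR '1'='1'`, which is true for every row, so it returns the whole table; the hardened function rejects the same payload at the validation step, and even if a value slipped past that check it would be bound as an integer parameter and could not alter the statement. The allow-list regex is the "approved types, content, and formats" restriction from the controls list above; the prepared statement is the defence that holds regardless of what validation lets through.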