CVE-2026-15539 PUBLISHED

SourceCodester Online Book Store System Book Image Upload Feature index.php books unrestricted upload

Assigner: VulDB
Reserved: 12.07.2026 Published: 13.07.2026 Updated: 13.07.2026

A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
CVSS Score: 5.1

Product Status

Vendor SourceCodester
Product Online Book Store System
Versions
  • Version 1.0 is affected

Credits

  • Hemant Raj Bhati (VulDB User) reporter

References

Problem Types

  • Unrestricted Upload CWE
  • Improper Access Controls CWE