CVE Catalog

CVE-2026-56034

CriticalCVSS 9.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile — higher than 21% of all known CVEs

Summary

An unauthenticated SQL Injection vulnerability exists in Library Management System versions 3.5.7 and earlier. An attacker can remotely execute arbitrary SQL queries, leading to unauthorized database access.

Risk Assessment

The risk includes theft, modification, or deletion of library data, including user and book records. It may also allow system takeover through privilege escalation.

Recommendation

Immediately upgrade the system to a version newer than 3.5.7 that contains the fix. In the meantime, restrict access to the system to trusted networks only.

Original NVD description (English source)

Unauthenticated SQL Injection in Library Management System <= 3.5.7 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS