Product
A remote SQL injection vulnerability (CVE-2026-15537) has been identified in SourceCodester Online Book Store System 1.0. The flaw is located in the `admin/login.php` file, specifically impacting the 'Username' argument, and allows for authentication bypass. This vulnerability can be exploited remotely, and a public exploit is available.