A vulnerability classified as critical was found in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload.

This vulnerability is listed as CVE-2026-15539. The attack may be performed from remote. In addition, an exploit is available.