A vulnerability, which was classified as problematic, has been found in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/require statement in php program.

This vulnerability is cataloged as CVE-2026-15540. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.