← Retour aux CVEs

CVE-2026-0575

HIGH

7.3

Description

A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. This impacts an unknown function of the file /handgunner-administrator/adminlogin.php of the component Administrator Login. Such manipulation of the argument emailadd/pass leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

Details CVE

Score CVSS v3.17.3

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie1/4/2026

Derniere modification1/9/2026

Sourcenvd

Observations honeypot0

Produits affectes

fabian:online_product_reservation_system

Faiblesses (CWE)

CWE-74CWE-89

References

https://code-projects.org/(cna@vuldb.com)

https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_admin_login.md(cna@vuldb.com)

https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_admin_login.md#poc(cna@vuldb.com)

https://vuldb.com/?ctiid.339459(cna@vuldb.com)

https://vuldb.com/?id.339459(cna@vuldb.com)

https://vuldb.com/?submit.731011(cna@vuldb.com)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.