Skip to content
CVSS 7.3 · HIGH

CVE-2026-7131

A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

View on NVD

Analysis

This vulnerability affects a small hobbyist project from code-projects typically used for educational or student purposes. While it involves a high-severity SQL injection, the software is not widely deployed in production environments and does not impact the community stack.

Severity

Score: 7.3(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Weakness (CWE): CWE-74CWE-89

EPSS

Probability of exploitation (next 30 days): 0.0004 (0.0%)
Percentile: 11.7%
EPSS: 2026-05-06

Technical description

A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Published: 4/27/2026, 3:16:21 PM
Last modified: 4/29/2026, 1:00:01 AM

References

HomeEventsBlogResourcesTeam