Skip to content
CVSS 7.3 · HIGH

CVE-2026-7131

A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Ver en NVD

Análisis

This vulnerability affects a small hobbyist project from code-projects typically used for educational or student purposes. While it involves a high-severity SQL injection, the software is not widely deployed in production environments and does not impact the community stack.

Severidad

Puntaje: 7.3(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Tipo de falla (CWE): CWE-74CWE-89

EPSS

Probabilidad de explotación (próx. 30 días): 0.0004 (0.0%)
Percentil: 11.7%
EPSS: 2026-05-06

Descripción técnica

A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Publicada: 27/4/2026, 15:16:21
Última modificación: 29/4/2026, 1:00:01

Referencias

InicioEventosBlogRecursosEquipo