Description

A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This affects an unknown function of the file /handgunner-administrator/register_code.php of the component User Registration Handler. Performing a manipulation of the argument fname/lname/address/city/province/country/zip/tel_no/email/username results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.

Related CPE's

Could not find any relations

References

https://code-projects.org/

https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_register_code.php.md

https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_register_code.php.md#poc

https://vuldb.com/?ctiid.339502

https://vuldb.com/?id.339502

https://vuldb.com/?submit.731130

Weaknesses

[email protected]

Primary
CWE-74CWE-89

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.3 · High

Information

Source identifier

[email protected]

Vulnerability status

Received

Published

2026-01-05T14:15:54.700Z

41 hours ago

Last modified

2026-01-05T14:15:54.700Z

41 hours ago