CVE-2026-0585 | code-projects Online Product Reservation System 1.0 GET Parameter /order_view.php transaction_id sql injection

Inserito da Angelo Barbosa | Gen 4, 2026 | CVE

A vulnerability was found in code-projects Online Product Reservation System 1.0 and classified as critical. Impacted is an unknown function of the file /order_view.php of the component GET Parameter Handler. Such manipulation of the argument transaction_id leads to sql injection.

This vulnerability is documented as CVE-2026-0585. The attack can be executed remotely. Additionally, an exploit exists.

CVE-2026-0585 | code-projects Online Product Reservation System 1.0 GET Parameter /order_view.php transaction_id sql injection

Post correlati

CVE-2025-54468 | SUSE Rancher up to 2.9.11/2.10.9/2.11.5/2.12.1 Endpoint /meta/proxy information disclosure (GHSA-mjcp-rj3c-36fr)

CVE-2024-12940 | 1000 Projects Attendance Tracking Management System 1.0 student_action.php student_id sql injection

CVE-2024-38825 | VMware SALT prior 3006.12/3007.4 salt.auth.pki Password certificate validation

CVE-2024-3422 | SourceCodester Online Courseware 1.0 admin/activatestud.php selector sql injection