CVE-2026-0590 | code-projects Online Product Reservation System 1.0 POST Parameter /app/checkout/delete.php ID sql injection

Inserito da Angelo Barbosa | Gen 4, 2026 | CVE

A vulnerability classified as critical has been found in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file /app/checkout/delete.php of the component POST Parameter Handler. This manipulation of the argument ID causes sql injection.

The identification of this vulnerability is CVE-2026-0590. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2026-0590 | code-projects Online Product Reservation System 1.0 POST Parameter /app/checkout/delete.php ID sql injection

Post correlati

CVE-2025-22455 | Ivanti Workspace Control up to 10.19.0.0 SQL Credential hard-coded key

CVE-2025-12807 | Rockwell Automation FactoryTalk DataMosaix Private Cloud 7.11/8.00/8.01 API Endpoint sql injection

CVE-2025-10063 | itsourcecode POS Point of Sale System 1.0 deferred_table.php scripts cross site scripting

CVE-2025-68879 | Councilsoft Content Grid Slider Plugin up to 1.5 on WordPress cross site scripting