CVE-2026-6152 | code-projects Vehicle Showroom Management System 1.0 StaffAddingFunction.php STAFF_ID sql injection

Inserito da Angelo Barbosa | Apr 12, 2026 | CVE

A vulnerability has been found in code-projects Vehicle Showroom Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the argument STAFF_ID causes sql injection.

This vulnerability is handled as CVE-2026-6152. The attack can be initiated remotely. Additionally, an exploit exists.

CVE-2026-6152 | code-projects Vehicle Showroom Management System 1.0 StaffAddingFunction.php STAFF_ID sql injection

Post correlati

CVE-2024-13111 | Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2 JWT Token SysUserControl improper authentication

CVE-2024-25632 | eLabFTW up to 5.0.x saml_team_create privileges assignment (GHSA-6m7p-gh9f-5mgg)

CVE-2025-40976 | WorkDo TicketGo POST Request /ticketgo-saas/home Description cross site scripting

CVE-2025-0938 | Python up to 3.14.0a3 URL Parser urllib.parse.urlsplit/urlparse input validation (Issue 105704)