CVE-2026-6166 | code-projects Vehicle Showroom Management System 1.0 UpdateVehicleFunction.php VEHICLE_ID sql injection

Inserito da Angelo Barbosa | Apr 12, 2026 | CVE

A vulnerability marked as critical has been reported in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipulation of the argument VEHICLE_ID leads to sql injection.

This vulnerability is listed as CVE-2026-6166. The attack may be initiated remotely. In addition, an exploit is available.

CVE-2026-6166 | code-projects Vehicle Showroom Management System 1.0 UpdateVehicleFunction.php VEHICLE_ID sql injection

Post correlati

CVE-2024-32752 | Johnson Controls Software House iStar Pro Door Controller missing authentication (icsa-24-158-04)

CVE-2024-7335 | TOTOLINK EX200 4.0.3c.7646_B20201211 cstecgi.cgi getSaveConfig http_host buffer overflow

CVE-2026-4877 | itsourcecode Payroll Management System up to 1.0 /index.php page cross site scripting

CVE-2024-38462 | iRODS up to 4.3.1 mail mailMS.cpp msiSendMail Privilege Escalation