code-projects Simple Flight Ticket Booking System POST Parameter checkUser.php sql...

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2026-11488

Source VulDB

Published Jun 8, 2026 at 04:30

Affected Product

Vendor code-projects

Product Simple Flight Ticket Booking System

Version 1.0

Affected Versions code-projects Simple Flight Ticket Booking System 1.0

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2026-06-08T04:30:10.541Z",
    "modified": "2026-06-08T04:30:10.541Z",
    "type": "cve",
    "title": "code-projects Simple Flight Ticket Booking System POST Parameter checkUser.php sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/369108\nhttps://vuldb.com/vuln/369108/cti\nhttps://vuldb.com/cve/CVE-2026-11488\nhttps://vuldb.com/submit/834511\nhttps://github.com/K1venn/cves/issues/1\nhttps://code-projects.org/",
    "id": "CVE-2026-11488",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "code-projects Simple Flight Ticket Booking System 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Simple Flight Ticket Booking System",
    "version": "1.0",
    "vendor": "code-projects",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

code-projects Simple Flight Ticket Booking System POST Parameter checkUser.php sql injection_CVE-2026-11488