Submit #731091: code-projects Online Product Reservation system V1.0 SQL Injectioninfo

Titlecode-projects Online Product Reservation system V1.0 SQL Injection
DescriptionA critical SQL injection vulnerability exists in the product editing functionality. The application directly concatenates user input from both GET and POST parameters into SQL queries without validation, allowing attackers to extract sensitive database data and modify product information.
Source⚠️ https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_admin_edit.php.md
User
 Ho Cherry (UID 94105)
Submission01/03/2026 12:13 (5 months ago)
Moderation01/03/2026 17:02 (5 hours later)
StatusAccepted
VulDB entry339463 [code-projects Online Product Reservation System 1.0 POST Parameter edit.php prod_id/name/price/model/serial sql injection]
Points17

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!