| Title | code-projects Online Product Reservation system V1.0 SQL Injection |
|---|
| Description | A critical SQL injection vulnerability exists in the user login functionality. The application directly concatenates user input into SQL query without validation, allowing attackers to bypass authentication completely and extract sensitive user data. |
|---|
| Source | ⚠️ https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_login.php.md |
|---|
| User | Ho Cherry (UID 94105) |
|---|
| Submission | 01/03/2026 12:16 (3 months ago) |
|---|
| Moderation | 01/04/2026 08:01 (20 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 339475 [code-projects Online Product Reservation System 1.0 User Login app/user/login.php emailadd sql injection] |
|---|
| Points | 16 |
|---|