Submit #731129: code-projects Online Product Reservation System V1.0 SQL Injectioninfo

Titlecode-projects Online Product Reservation System V1.0 SQL Injection
DescriptionA critical SQL injection vulnerability exists in the shopping cart update functionality. The application directly concatenates POST parameters into SQL UPDATE and SELECT queries without validation, allowing attackers to extract cart and product data.
Source⚠️ https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_checkout_update.php.md
User
 Ho Cherry (UID 94105)
Submission01/03/2026 17:39 (3 months ago)
Moderation01/04/2026 19:06 (1 day later)
StatusAccepted
VulDB entry339501 [code-projects Online Product Reservation System 1.0 Cart Update /app/checkout/update.php id/qty sql injection]
Points17

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!