CVE-2026-0591
SQL Injection in code-projects Reservation System Cart Update
Publication date: 2026-01-05
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| code-projects | online_product_reservation_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-0591 is a critical SQL injection vulnerability in version 1.0 of the code-projects Online Product Reservation System. It exists in the Cart Update Handler component, specifically in the file /app/checkout/update.php. The vulnerability occurs because the application insecurely concatenates the 'id' and 'qty' POST parameters directly into SQL queries without proper input validation or sanitization. This allows an attacker to inject malicious SQL code remotely, potentially extracting sensitive cart and product data from the database. [1, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to remotely execute SQL injection attacks on your system. They can manipulate the 'id' and 'qty' parameters to extract sensitive information from your database, such as cart and product data. It compromises the confidentiality, integrity, and availability of your system. Since the exploit is publicly available and easily exploitable without authentication, it poses a significant security risk. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying requests to the vulnerable endpoint /app/checkout/update.php that include manipulation of the 'id' and 'qty' parameters. One detection method is to search for HTTP requests containing these parameters with suspicious or malformed SQL syntax. Additionally, Google dorking can be used to find vulnerable targets using the query: inurl:app/checkout/update.php. Network monitoring tools or web application firewalls (WAF) can be configured to alert on such patterns. Specific commands might include using curl or wget to test the endpoint with crafted payloads, or using grep to search web server logs for suspicious parameter values. For example, a curl command to test might be: curl -X POST -d "id=1' OR '1'='1&qty=10" http://target/app/checkout/update.php [3, 1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected software with an alternative product, as no known countermeasures or mitigations have been identified. Additionally, restricting access to the vulnerable endpoint, applying web application firewall rules to block SQL injection attempts targeting the 'id' and 'qty' parameters, and monitoring for exploit attempts are recommended. Input validation and sanitization should be implemented if possible, but since the vulnerability is in version 1.0 and publicly exploitable, upgrading or replacing the software is the advised course of action. [3]