CVE-2026-3710
SQL Injection in Simple Flight Ticket Booking System Adminadd.php
Publication date: 2026-03-08
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| carmelo | simple_flight_ticket_booking_system | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3710 is a critical SQL injection vulnerability found in version 1.0 of the Simple Flight Ticket Booking System, specifically in the /Adminadd.php file.

The vulnerability arises because multiple GET parameters such as 'flightno', 'airplaneid', 'departure', 'dtime', 'arrival', 'atime', 'ec', 'ep', 'bc', and 'bp' are directly concatenated into SQL queries without proper sanitization or validation.

This improper handling allows attackers to inject malicious SQL code through these parameters, potentially executing arbitrary SQL commands.

A proof-of-concept exploit demonstrates that an attacker can, for example, inject SQL commands to drop tables or manipulate data by crafting malicious input in the 'flightno' parameter.

Exploitation can be performed remotely and may require administrative authentication depending on the deployment.

The recommended fix is to use prepared statements with parameter binding and to apply rigorous input validation and filtering. [1, 2, 3, 4]
How can this vulnerability impact me?
This vulnerability can allow attackers to perform unauthorized database operations such as inserting malicious data, modifying existing records, deleting data, or even dropping entire tables.

Such unauthorized access compromises the confidentiality, integrity, and availability of the system's data.

Attackers can remotely exploit this flaw to manipulate or retrieve sensitive information from the database.

Depending on the system's deployment, exploitation may require administrative authentication, but the attack can still be performed remotely. [1, 2, 3, 4]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the vulnerable parameters in the /Adminadd.php file for SQL injection flaws. The parameters to test include 'flightno', 'airplaneid', 'departure', 'dtime', 'arrival', 'atime', 'ec', 'ep', 'bc', and 'bp'.

One practical approach is to use automated SQL injection detection tools such as sqlmap to test the 'flightno' parameter, which has been confirmed exploitable. For example, a command like the following can be used to test the parameter:

- sqlmap -u "http://targetsite/Adminadd.php?flightno=AA123&airplaneid=plane1&departure=NYC&dtime=10:00&arrival=LAX&atime=14:00&ec=100&ep=500&bc=50&bp=1000" --data="" --risk=3 --level=5 --batch

Additionally, manual testing can be performed by injecting SQL payloads into the 'flightno' parameter in the URL, such as attempting to terminate the SQL query and add malicious commands (e.g., using payloads like 'AA123', 'plane1', 'NYC', '10:00', 'LAX', '14:00'); DROP TABLE flight;--).

Vulnerable targets can also be identified using Google dorking by searching for URLs containing 'inurl:Adminadd.php'. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing prepared statements with parameter binding to prevent SQL injection attacks.

Additionally, rigorous input validation and filtering should be applied to all user-supplied parameters, especially those listed: 'flightno', 'airplaneid', 'departure', 'dtime', 'arrival', 'atime', 'ec', 'ep', 'bc', and 'bp'.

If possible, restrict access to the vulnerable /Adminadd.php file to trusted users only, as exploitation may require administrative authentication depending on deployment.

As a longer-term solution, consider replacing the affected component with an alternative product or updating the software to a version that addresses this vulnerability. [1, 3]
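As an added illustration of the fix recommended above (constructed example, not code from the Simple Flight Ticket Booking System), the first function shows the concatenation pattern the CVE describes and the second shows the same insert using allow-list validation plus a mysqli prepared statement. The table name `flight`, its column names, the `$db` connection and the per-field patterns (IATA-style codes, HH:MM times, integer counts and prices) are assumptions made for the example.

```php
<?php
// Added example, not the project's own code; table/column names and $db are assumptions.
// Vulnerable pattern from the CVE: raw request values spliced into the SQL text.
function insertFlightVulnerable(mysqli $db, array $get): bool {
    $sql = "INSERT INTO flight (flightno, airplaneid, departure, dtime, arrival, atime, ec, ep, bc, bp) "
         . "VALUES ('" . $get['flightno'] . "', '" . $get['airplaneid'] . "', '" . $get['departure'] . "', '"
         . $get['dtime'] . "', '" . $get['arrival'] . "', '" . $get['atime'] . "', "
         . $get['ec'] . ", " . $get['ep'] . ", " . $get['bc'] . ", " . $get['bp'] . ")";
    return (bool) $db->query($sql); // a quote inside any field alters the statement itself
}
// Hardened version, step 1: reject anything that does not match a strict per-field pattern.
function validateFlightParams(array $get): ?array {
    $rules = [ // assumed formats for each parameter named in the advisory
        'flightno'   => '/^[A-Z]{2}\d{1,4}$/',
        'airplaneid' => '/^[A-Za-z0-9_-]{1,32}$/',
        'departure'  => '/^[A-Z]{3}$/',
        'dtime'      => '/^([01]\d|2[0-3]):[0-5]\d$/',
        'arrival'    => '/^[A-Z]{3}$/',
        'atime'      => '/^([01]\d|2[0-3]):[0-5]\d$/',
        'ec'         => '/^\d{1,4}$/',  // economy seat count
        'ep'         => '/^\d{1,7}$/',  // economy price
        'bc'         => '/^\d{1,4}$/',  // business seat count
        'bp'         => '/^\d{1,7}$/',  // business price
    ];
    $clean = [];
    foreach ($rules as $name => $pattern) {
        if (!isset($get[$name]) || !is_string($get[$name]) || !preg_match($pattern, $get[$name])) {
            return null; // one malformed field rejects the whole request
        }
        $clean[$name] = $get[$name];
    }
    return $clean;
}
// Step 2: send the query text and the data separately via a prepared statement,
// so the database never parses user input as SQL even if validation is later loosened.
function insertFlightSafe(mysqli $db, array $get): bool {
    $p = validateFlightParams($get);
    if ($p === null) { http_response_code(400); return false; }
    $stmt = $db->prepare(
        "INSERT INTO flight (flightno, airplaneid, departure, dtime, arrival, atime, ec, ep, bc, bp) "
        . "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
    );
    // type string: six 's' (string) columns followed by four 'i' (integer) columns
    $stmt->bind_param('ssssssiiii',
        $p['flightno'], $p['airplaneid'], $p['departure'], $p['dtime'],
        $p['arrival'], $p['atime'], $p['ec'], $p['ep'], $p['bc'], $p['bp']);
    return $stmt->execute();
}
```

Wiring `insertFlightSafe($db, $_GET)` in place of the concatenating code addresses the CWE-89 root cause; restricting who can reach /Adminadd.php, as the answer above suggests, remains a separate access-control layer.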