CVE-2026-0579

Name of the Vulnerable Software and Affected Versions Online Product Reservation System version 1.0

Description A flaw exists in the POST Parameter Handler component of the software, specifically within the /handgunner-administrator/edit.php file. The prod id, name, price, model, and serial arguments are susceptible to SQL injection. This issue can be exploited remotely. The exploit has been publicly disclosed.

Recommendations Apply any available updates to address the SQL injection issue in the POST Parameter Handler component. As a temporary workaround, restrict or carefully sanitize input to the prod id, name, price, model, and serial parameters within the /handgunner-administrator/edit.php file.