Unknown · Projectworlds Online Art Gallery Shop · CVE-2026-3406
**Name of the Vulnerable Software and Affected Versions**
projectworlds Online Art Gallery Shop version 1.0
**Description**
A SQL injection issue exists in the Registration Handler component of projectworlds Online Art Gallery Shop version 1.0. The issue is located in the `/admin/registration.php` file, specifically within an unknown function. Manipulating the `fname` argument can lead to SQL injection. The attack can be launched remotely, and details about the exploit have been publicly released.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.