PT-2026-1277 · Unknown · Online Product Reservation System

Ho Cherry · Published 2026-01-05 · Updated 2026-01-09 · CVE-2026-0590

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

code-projects Online Product Reservation System version 1.0

Description

The Online Product Reservation System contains a SQL injection flaw that can be exploited remotely. The injection point is in the POST Parameter Handler, in the file /app/checkout/delete.php: manipulating the ID argument leads to potential SQL injection. The exploit for this issue has been publicly disclosed.

Recommendations

Apply updates that address the vulnerability in the affected file /app/checkout/delete.php. Restrict or sanitize the ID parameter to prevent SQL injection attacks. As a temporary workaround, consider disabling the vulnerable function that handles the ID parameter until a patch is available.
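
One way to apply the "restrict or sanitize the ID parameter" recommendation, as an added example that is not the project's own code: strict integer validation followed by a bound parameter. The table `cart`, its columns, and the function names `parseId` and `deleteItem` are assumptions, since the page does not show the contents of /app/checkout/delete.php.

```php
<?php
declare(strict_types=1);

// Added example. Table and column names (cart, id) are assumptions;
// the page does not show the real schema behind /app/checkout/delete.php.

/** Returns a positive integer id, or null when the POST value is not one. */
function parseId(mixed $raw): ?int
{
    if (!is_string($raw)) {           // arrays (ID[]=...) and missing values are rejected
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Deletes one row by id using a bound parameter; returns rows removed. */
function deleteItem(PDO $db, mixed $rawId): int
{
    $id = parseId($rawId);
    if ($id === null) {
        return 0;                      // caller should answer HTTP 400
    }
    // The value never becomes part of the SQL text; it is bound as an integer.
    $stmt = $db->prepare('DELETE FROM cart WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cart (id INTEGER PRIMARY KEY, product TEXT)');
$db->exec("INSERT INTO cart (product) VALUES ('lamp'), ('desk'), ('chair')");

// Constructed inputs standing in for $_POST['ID'].
foreach (['2', '1 OR 1=1', ['1'], '', '-5'] as $input) {
    $removed = deleteItem($db, $input);
    printf("%-12s -> %d row(s) deleted\n", json_encode($input), $removed);
}
$left = (int) $db->query('SELECT COUNT(*) FROM cart')->fetchColumn();
echo "rows left: $left\n";
```

Only the well-formed id removes a row; every other input is rejected before any SQL runs, so the remaining rows are untouched.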

Exploit

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2026-0590

Affected Products

Online Product Reservation System