PT-2026-23918 · Unknown · Simple Flight Ticket Booking System
Owenw
·
Published
2026-03-08
·
Updated
2026-03-13
·
CVE-2026-3709
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Simple Flight Ticket Booking System version 1.0
Description
A flaw exists in Simple Flight Ticket Booking System 1.0 that allows for SQL injection. A manipulation of the
Username argument in the /register.php file can trigger this issue. The attack can be launched remotely. The exploit has been publicly released.Recommendations
Apply any available updates to address the SQL injection issue in the
/register.php file.
As a temporary workaround, sanitize the Username input to prevent SQL injection attacks.Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Simple Flight Ticket Booking System