CVE-2026-4014

Name of the Vulnerable Software and Affected Versions itsourcecode Cafe Reservation System version 1.0

Description A security issue has been identified in itsourcecode Cafe Reservation System 1.0. The issue affects an unknown function within the /curvus2/signup.php file of the Registration component. Manipulating the Username argument results in SQL injection. Remote exploitation is possible, and the exploit has been publicly released.

Recommendations versions prior to 1.0 should be updated. As a temporary workaround, consider restricting access to the /curvus2/signup.php file until a fix is available. Avoid using the Username parameter in the affected file until the issue is resolved.