CVE-2026-7131

Name of the Vulnerable Software and Affected Versions code-projects Online Lot Reservation System versions prior to 1.1

Description A remote SQL injection can occur due to the manipulation of the email and password arguments within an unknown function of the '/loginuser.php' file. SQL injection is a type of flaw that allows an attacker to interfere with the queries that an application makes to its database.

Recommendations As a temporary workaround, restrict access to the '/loginuser.php' file or avoid using the email and password parameters until a fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.