CVE-2026-3406
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3Description
A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of the file /admin/registration.php of the component Registration Handler. The manipulation of the argument fname results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Analysis
SQL injection in Online Art Gallery Shop 1.0 via the fname parameter in /admin/registration.php enables unauthenticated remote attackers to manipulate database queries. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected PHP installations at immediate risk of data compromise or unauthorized access.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Disable or restrict access to /admin/registration.php via network firewall or WAF rules; audit administrative account logs for suspicious activity. Within 7 days: Implement Web Application Firewall (WAF) rules to block exploitation attempts; conduct thorough review of all admin accounts and reset credentials; consider taking the registration module offline if business operations permit. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today