CVE-2026-3708
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3Description
A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. The impacted element is an unknown function of the file /login.php. Performing a manipulation of the argument Username results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
Analysis
SQL injection in Simple Flight Ticket Booking System 1.0's login functionality allows unauthenticated attackers to manipulate the Username parameter and execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Disable public internet access to the affected login.php file or take the application offline pending remediation; notify all users of potential exposure. Within 7 days: Deploy Web Application Firewall (WAF) rules to block known exploit patterns; implement IP-based access restrictions; establish vendor communication to obtain patch timeline. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today