CVE-2026-3709
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3Description
A weakness has been identified in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /register.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
Analysis
Simple Flight Ticket Booking System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify and inventory all systems running Simple Flight Ticket Booking System versions up to 1.0; isolate affected systems from direct internet access if possible; enable enhanced logging and monitoring for SQL injection attack patterns. Within 7 days: Deploy Web Application Firewall (WAF) rules to block common SQL injection payloads; restrict database account privileges to minimum necessary permissions; conduct vulnerability scanning to identify exploitation attempts. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today