EUVD-2026-14390
GHSA-r3f3-v663-2fq7
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkupdatestatus.php of the component Parameters Handler. The manipulation of the argument serviceId results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Analysis
SQL injection in Simple Laundry System 1.0's /checkupdatestatus.php parameter handler allows unauthenticated remote attackers to manipulate the serviceId argument and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available, creating immediate risk for affected deployments.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems running Simple Laundry System v1.0 and immediately isolate affected instances from production networks or disable the application. Within 7 days: Deploy Web Application Firewall (WAF) rules to block SQL injection patterns targeting /checkupdatestatus.php and restrict network access to this application to trusted internal networks only. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today