EUVD-2026-19058
GHSA-f2v5-9f28-pgfv
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A weakness has been identified in code-projects Concert Ticket Reservation System 1.0. This affects an unknown part of the file /ConcertTicketReservationSystem-master/login.php of the component Parameter Handler. Executing a manipulation of the argument Email can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
Analysis
SQL injection in code-projects Concert Ticket Reservation System 1.0 allows unauthenticated remote attackers to extract, modify, or delete database contents via the Email parameter in login.php. The vulnerability is trivially exploitable (CVSS AC:L, PR:N) with publicly available exploit code demonstrating the attack path. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running Concert Ticket Reservation System 1.0 and immediately isolate internet-facing instances or restrict access via network controls (WAF rules, IP whitelisting). Within 7 days: Deploy SQL injection input validation patches or implement parameterized queries if source code access is available; alternatively, migrate to a patched version when released by the vendor. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today