How to fix CVE-2026-5564?

Within 24 hours: Identify all systems running Simple Laundry System 1.0 and assess network exposure (internet-facing vs. internal only). Within 7 days: Implement network-level access controls to restrict /searchguest.php to authorized users only, or take the application offline if not business-critical. Within 30 days: Migrate to a patched alternative laundry management system or discontinue use of this unmaintained codebase; evaluate database backups for evidence of unauthorized modification.

Is PHP affected by CVE-2026-5564?

Simple Laundry System 1.0 contains an unauthenticated SQL injection vulnerability in the guest search function that allows remote attackers to read, modify, or delete database records without authentication.

CVE-2026-5564

EUVD-2026-19075 MEDIUM

2026-04-05 VulDB

GHSA-5867-gg4p-qv55

6.9

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Apr 07, 2026 - 13:20 vuln.today

Public exploit code

Analysis Generated

Apr 05, 2026 - 11:45 vuln.today

EUVD ID Assigned

Apr 05, 2026 - 11:45 euvd

EUVD-2026-19075

CVE Published

Apr 05, 2026 - 11:30 nvd

MEDIUM 6.9

Description

A weakness has been identified in code-projects Simple Laundry System 1.0. Affected by this vulnerability is an unknown functionality of the file /searchguest.php of the component Parameter Handler. This manipulation of the argument searchServiceId causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.

Analysis

SQL injection in code-projects Simple Laundry System 1.0 allows unauthenticated remote attackers to extract, modify, or delete database records via the searchServiceId parameter in /searchguest.php. CVSS 7.3 reflects network-accessible attack with low complexity requiring no privileges. …

Remediation

Within 24 hours: Identify all systems running Simple Laundry System 1.0 and assess network exposure (internet-facing vs. internal only). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +34

POC: +20

CVE-2026-5564 vulnerability details – vuln.today

Back

CVE-2026-5564

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-5564

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code