EUVD-2026-19077
GHSA-cjhf-4v4f-qhjg
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A security vulnerability has been detected in code-projects Simple Laundry System 1.0. Affected by this issue is some unknown functionality of the file /delmemberinfo.php of the component Parameter Handler. Such manipulation of the argument userid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Analysis
SQL injection in code-projects Simple Laundry System 1.0 allows unauthenticated remote attackers to execute arbitrary SQL commands via the userid parameter in /delmemberinfo.php. The vulnerability has publicly available exploit code (GitHub POC) and CVSS 7.3 severity with network-accessible attack vector requiring low complexity and no privileges. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all instances of Simple Laundry System 1.0 in production and isolate or disable /delmemberinfo.php endpoint if operationally feasible; implement WAF rules to block SQL injection patterns on userid parameters. Within 7 days: Contact vendor for patch timeline; evaluate replacement or migration to patched laundry management system. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today