CVE-2026-0584

CVE Database · CVE-2026-0584

CVE-2026-0584

· MEDIUMAnalyzed

CVSS v3.1

6.3

CVSS v4.0

2.1

EPSS

0.32%

Published

Jan 5, 2026

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A weakness has been identified in code-projects Online Product Reservation System 1.0. This issue affects some unknown processing of the file app/products/left_cart.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Weaknesses (CWE)

CWE-74CWE-89

Affected Products (1)

fabian · online_product_reservation_systemvulnerable

References (6)

https://code-projects.org/

Product

https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_left_cart.php.md

ExploitThird Party Advisory

https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_left_cart.php.md#poc