CVE-2026-3406

HIGH

Online Art Gallery Shop 1.0 - SQL Injection

Title source: llm

Description

A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of the file /admin/registration.php of the component Registration Handler. The manipulation of the argument fname results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.

References (4)

[Issue Tracking] https://github.com/ubfbuz3/cve/issues/55

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.348301

[Permissions Required, VDB Entry] https://vuldb.com/?id.348301

[Permissions Required, VDB Entry] https://vuldb.com/?submit.763740

Scores

CVSS v3 7.3

EPSS 0.0003

EPSS Percentile 8.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-89 CWE-74

Status published

Affected Products (1)

projectworlds/online_art_gallery_shop

Timeline

Published Mar 02, 2026

Tracked Since Mar 02, 2026