CVE-2026-3705

HIGH

Simple Flight Ticket Booking System 1.0 - SQL Injection

Title source: llm

Description

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. This issue affects some unknown processing of the file /Adminsearch.php. The manipulation of the argument flightno results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.

References (6)

Scores

CVSS v3 7.3
EPSS 0.0005
EPSS Percentile 16.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-89 CWE-74
Status published
Products (1)
carmelo/simple_flight_ticket_booking_system 1.0
Published Mar 08, 2026
Tracked Since Mar 08, 2026