CVE-2026-3708

HIGH

Simple Flight Ticket Booking System 1.0 - SQL Injection

Title source: llm

Description

A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. The impacted element is an unknown function of the file /login.php. Performing a manipulation of the argument Username results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.

References (7)

Scores

CVSS v3 7.3
EPSS 0.0005
EPSS Percentile 14.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-89 CWE-74
Status published
Products (1)
carmelo/simple_flight_ticket_booking_system 1.0
Published Mar 08, 2026
Tracked Since Mar 08, 2026