CVE-2026-4014

HIGH

Cafe Reservation System 1.0 - SQL Injection

Title source: llm

Description

A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unknown function of the file /curvus2/signup.php of the component Registration. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.

References (5)

[Issue Tracking] https://github.com/wangchaoxing/CVE/issues/5

[Various Sources] https://itsourcecode.com/

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.350536

[Permissions Required, VDB Entry] https://vuldb.com/?id.350536

[Permissions Required, VDB Entry] https://vuldb.com/?submit.769789

Scores

CVSS v3 7.3

EPSS 0.0003

EPSS Percentile 8.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-89 CWE-74

Status published

Products (1)

luffypirates/cafe_reservation_system 1.0

Published Mar 12, 2026

Tracked Since Mar 12, 2026