CVE-2026-4579

HIGH

code-projects Simple Laundry System Parameters viewdetail.php sql injection

Title source: cna

Description

A vulnerability was identified in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /viewdetail.php of the component Parameters Handler. The manipulation of the argument serviceId leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

References (5)

[Vdb Entry, Technical Description] https://vuldb.com/?id.352416

[Signature, Permissions Required] https://vuldb.com/?ctiid.352416

[Third Party Advisory] https://vuldb.com/?submit.775209

[Exploit] https://github.com/anon387tdug/anon388/issues/3

[Product] https://code-projects.org/

Scores

CVSS v3 7.3

EPSS 0.0003

EPSS Percentile 10.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-74 CWE-89

Status published

Products (2)

code-projects/Simple Laundry System 1.0

code-projects/simple_laundry_system 1.0

Published Mar 23, 2026

Tracked Since Mar 23, 2026