CVE-2026-4908

HIGH NVD

CVSS Score 7.3

Severity HIGH

Published Mar 27, 2026

Vendor unknown

Description

A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

References

https://code-projects.org/
https://github.com/Niuzzz123/CVE-Niuzzz/issues/2
https://vuldb.com/?ctiid.353659
https://vuldb.com/?id.353659
https://vuldb.com/?submit.777501