CVE-2026-4580 - Vulnerability Details

- code-projects Simple Laundry System Parameters checkupdatestatus.php sql injection

Description

A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkupdatestatus.php of the component Parameters Handler. The manipulation of the argument serviceId results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

Published: 2026-03-23

Score: 6.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

This vulnerability occurs when the serviceId argument in /checkupdatestatus.php is not properly sanitized, enabling an attacker to inject arbitrary SQL statements. The flaw can lead to disclosure, modification, or deletion of database records, compromising confidentiality and integrity.

Affected Systems

The affected application is code-projects Simple Laundry System version 1.0. Other minor versions are unlikely to be affected unless the same unpatched code remains.

Risk and Exploitability

With a CVSS score of 6.9, the flaw represents medium severity. The EPSS score is below 1 %, indicating low current exploitation probability, and it is not listed in the CISA KEV catalog. However, because the exploit code is publicly available, attackers can launch a remote attack by sending a crafted serviceId value, prompting the database to execute injected commands and potentially gain full control over the underlying data.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

code-projects

Simple Laundry System

affected

Version	Status	Constraints
`1.0`	affected	—

Configuration 1 [-]

cpe:2.3:a:code-projects:simple_laundry_system:1.0:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Code-projects

Simple Laundry System

95%

Version	Status	Scheme	Platform
`1.0`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply any official patch or upgrade to a secured version of Simple Laundry System.
If no patch, disable or restrict access to the /checkupdatestatus.php endpoint via firewall or web server rules.
Ensure that all input parameters, especially serviceId, are validated and correctly parameterized before use in SQL queries.
Review and tighten database permissions for the application user to limit damage from injection.
Monitor database logs for suspicious activity and apply timely security advisories.

Generated by OpenCVE AI on April 3, 2026 at 20:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00035.

Exploitation poc

Automatable yes

Technical Impact partial

References

Link	Providers
https://code-projects.org/
https://github.com/anon387tdug/anon388/issues/2
https://vuldb.com/?ctiid.352417
https://vuldb.com/?id.352417
https://vuldb.com/?submit.775210

History

Fri, 03 Apr 2026 17:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:code-projects:simple_laundry_system:1.0:::::::*

Mon, 23 Mar 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 23 Mar 2026 09:00:00 +0000

Type	Values Removed	Values Added
Description		A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkupdatestatus.php of the component Parameters Handler. The manipulation of the argument serviceId results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Title		code-projects Simple Laundry System Parameters checkupdatestatus.php sql injection
First Time appeared		Code-projects Code-projects simple Laundry System
Weaknesses		CWE-74 CWE-89
CPEs		cpe:2.3:a:code-projects:simple_laundry_system::::::::
Vendors & Products		Code-projects Code-projects simple Laundry System
References		https://code-projects.org/ https://github.com/anon387tdug/anon388/issues/2 https://vuldb.com/?ctiid.352417 https://vuldb.com/?id.352417 https://vuldb.com/?submit.775210
Metrics		cvssV2_0 `{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Code-projects Simple Laundry System

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-03-23T08:48:35.672Z

Updated: 2026-03-23T16:38:39.630Z

Reserved: 2026-03-22T08:53:38.564Z

Link: CVE-2026-4580

Vulnrichment

Updated: 2026-03-23T16:22:52.147Z

NVD

Status : Analyzed

Published: 2026-03-23T09:16:24.610

Modified: 2026-04-03T17:48:14.100

Link: CVE-2026-4580

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T21:18:09Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object