Description
A weakness has been identified in code-projects Simple Laundry System 1.0. It affects an unknown function of the file /checklogin.php in the Parameters Handler component. Manipulating the Username argument causes SQL injection. The attack can be carried out remotely. The exploit has been made available to the public and could be used for attacks.
Published: 2026-03-23
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL Injection
Action: Apply Patch
AI Analysis

Impact

The vulnerability resides in the /checklogin.php processing of the Username field. An attacker can supply a specially crafted string that is incorporated directly into an SQL statement, allowing arbitrary SQL commands to be executed against the underlying database. This could expose sensitive data such as user identifiers, authentication tokens, or even allow modification of database records. The weakness aligns with CWE-74 and CWE-89. The impact is that an attacker can read, modify, or delete data, potentially leading to loss of confidentiality, integrity, or availability of the application data. Note: The vulnerability description was updated, but the new details are not available for analysis.

Affected Systems

The affected system is code-projects Simple Laundry System, version 1.0. The vulnerability is tied to the Parameters Handler component in checklogin.php. Any deployment of this version that exposes the login endpoint to users over the network is susceptible. Users running earlier or newer versions where the vulnerability is fixed are not affected.

Risk and Exploitability

The CVSS score of 6.9 indicates medium severity. The EPSS score of less than 1% suggests a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack vector is remote: an attacker only needs to send a crafted Username value to the login script. Successful exploitation does not require local privileges and can be performed over standard HTTP/HTTPS connections. An adversary with no prior access could thus hijack accounts or manipulate system data.

Generated by OpenCVE AI on April 18, 2026 at 09:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑supplied patch or upgrade to a version where the checklogin.php Username handling is fixed
  • If a patch is not yet available, restrict access to checklogin.php to trusted IP ranges or remove the endpoint from public exposure
  • Implement input validation or use parameterized queries to ensure the Username value cannot alter the structure of the SQL statement
  • Deploy a web application firewall to detect and block SQL injection patterns
  • Monitor authentication logs for anomalous login attempts and investigate suspicious activity
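
The parameterized-query recommendation above, shown as an added example; it is not code from Simple Laundry System or OpenCVE. The `users` table, its columns, the function names and the in-memory SQLite database (PDO with the SQLite driver) are assumptions made so the script runs offline; the page does not show the real schema or query.

```php
<?php
// Added example: schema and function names are hypothetical, not taken from
// Simple Laundry System. An in-memory SQLite database stands in for the real one.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
// Constructed sample account; the name contains an apostrophe on purpose.
$ins->execute(["o'brien", password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// Pattern the advisory describes: the Username value becomes part of the SQL text.
function lookupConcatenated(PDO $db, string $username): ?array
{
    $sql = "SELECT id, password_hash FROM users WHERE username = '" . $username . "'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Parameterized form: the statement text is fixed and the value is bound as data only.
function lookupPrepared(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

function checkLogin(PDO $db, string $username, string $password): bool
{
    // Length check is a second layer only; binding is what keeps the query structure fixed.
    if ($username === '' || strlen($username) > 64) {
        return false;
    }
    $row = lookupPrepared($db, $username);
    return $row !== null && password_verify($password, $row['password_hash']);
}

// A legitimate name with a quote character is enough to show the difference.
try {
    lookupConcatenated($db, "o'brien");
    echo "concatenated: query ran\n";
} catch (PDOException $e) {
    echo "concatenated: input altered the statement (SQL syntax error)\n";
}
var_dump(checkLogin($db, "o'brien", 'constructed-sample-pw'));
var_dump(checkLogin($db, "o'brien", 'wrong-password'));
```

With the concatenated lookup, an ordinary surname is enough to break the statement, which is the same property that makes the Username argument injectable; the bound parameter handles the same value as plain data.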



Advisories

No advisories yet.

History

Sat, 18 Apr 2026 05:30:00 +0000


Sat, 18 Apr 2026 04:30:00 +0000

Type: Description
Values Removed: A weakness has been identified in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checklogin.php of the component Parameters Handler. This manipulation of the argument Username causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. If you want to get best quality of vulnerability data, you may have to visit VulDB.
Values Added: A weakness has been identified in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checklogin.php of the component Parameters Handler. This manipulation of the argument Username causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
References

Fri, 03 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:code-projects:simple_laundry_system:1.0:*:*:*:*:*:*:*

Mon, 23 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 09:45:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checklogin.php of the component Parameters Handler. This manipulation of the argument Username causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. If you want to get best quality of vulnerability data, you may have to visit VulDB.
Title code-projects Simple Laundry System Parameters checklogin.php sql injection
First Time appeared Code-projects
Code-projects simple Laundry System
Weaknesses CWE-74
CWE-89
CPEs cpe:2.3:a:code-projects:simple_laundry_system:*:*:*:*:*:*:*:*
Vendors & Products Code-projects
Code-projects simple Laundry System
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-18T03:37:53.025Z

Reserved: 2026-03-22T08:53:42.727Z

Link: CVE-2026-4581

Vulnrichment

Updated: 2026-03-23T16:02:09.696Z

NVD

Status : Modified

Published: 2026-03-23T10:16:07.803

Modified: 2026-04-18T05:16:23.113

Link: CVE-2026-4581

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T09:45:25Z
