Description
A vulnerability was found in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /checkcheckout.php of the component Parameter Handler. The manipulation of the argument serviceId results in SQL injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Published: 2026-03-25
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL Injection
Action: Immediate Patch
AI Analysis

Impact

The Simple Laundry System 1.0 contains a flaw in the Parameter Handler component, specifically in /checkcheckout.php. By manipulating the serviceId argument, an attacker can inject arbitrary SQL commands. The vulnerability can be triggered remotely, enabling external actors to execute malicious queries against the underlying database, leading to data theft, modification, or deletion.

Affected Systems

The affected product is code-projects Simple Laundry System version 1.0. The flaw exists in the /checkcheckout.php file within the Parameter Handler component. No other versions or variants are indicated as affected.

Risk and Exploitability

The CVSS base score of 6.9 reflects moderate severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the near term. The vulnerability is not catalogued in CISA’s KEV list. Attackers can exploit the flaw over the network by sending crafted HTTP requests that supply a malicious serviceId parameter, and an exploit has already been made public.

Generated by OpenCVE AI on April 3, 2026 at 20:27 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply a patch or updated version of Simple Laundry System that resolves the SQL injection flaw in checkcheckout.php.
  • If an update is unavailable, restrict access to the /checkcheckout.php endpoint to authorized users and implement input validation to prevent malicious serviceId values.
  • Continuously monitor application logs for anomalous SQL queries or failed login attempts.



Advisories

No advisories yet.

History

Fri, 03 Apr 2026 17:45:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:code-projects:simple_laundry_system:1.0:*:*:*:*:*:*:*

Wed, 25 Mar 2026 13:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 25 Mar 2026 01:45:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was found in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /checkcheckout.php of the component Parameter Handler. The manipulation of the argument serviceId results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Title | | code-projects Simple Laundry System Parameter checkcheckout.php sql injection
First Time appeared | | Code-projects; Code-projects simple Laundry System
Weaknesses | | CWE-74; CWE-89
CPEs | | cpe:2.3:a:code-projects:simple_laundry_system:*:*:*:*:*:*:*:*
Vendors & Products | | Code-projects; Code-projects simple Laundry System
References | |
Metrics | | cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
Metrics | | cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
Metrics | | cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
Metrics | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-25T12:59:43.365Z

Reserved: 2026-03-24T15:15:43.731Z

Link: CVE-2026-4784

Vulnrichment

Updated: 2026-03-25T12:59:38.079Z

NVD

Status: Analyzed

Published: 2026-03-25T02:16:06.350

Modified: 2026-04-03T17:47:13.597

Link: CVE-2026-4784

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T21:18:06Z

Weaknesses