Description
A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in SQL injection. The attack may be performed remotely. The exploit has been released to the public and may be used for attacks.
Published: 2026-03-27
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL injection leading to data exposure
Action: Apply Patch
AI Analysis

Impact

A vulnerability exists in the Simple Laundry System that allows an attacker to inject SQL statements through the userid parameter in the modstaffinfo.php component. The flaw can be exploited remotely and may enable the adversary to read, modify, or delete sensitive database records, potentially exposing customer data and compromising the integrity of the system. The weakness is consistent with CWE‑74 (Improper Neutralization of Special Elements used in a Command) and CWE‑89 (SQL Injection).

Affected Systems

code-projects Simple Laundry System version 1.0 is affected. No other versions or editions are mentioned in the advisory.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. The publicly released exploit demonstrates that the attack can be performed from remote locations without special privileges, making the risk significant for installations exposed to the internet.

Generated by OpenCVE AI on March 27, 2026 at 06:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify whether your installation is running code-projects Simple Laundry System 1.0.
  • If a vendor patch or newer version is available, upgrade immediately to eliminate the vulnerability.
  • If no patch exists, validate the userid input to ensure it is an integer or otherwise sanitized before use in database queries, or replace the vulnerable code with prepared statements or parameterized queries.
  • Implement web application firewall rules that block suspicious SQL patterns on the relevant endpoint.
  • Monitor database and web logs for attempted injection activity and investigate any anomalies.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 04:00:00 +0000

Values Removed: none
Values Added:
  • Description: A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
  • Title: code-projects Simple Laundry System Parameter modstaffinfo.php sql injection
  • First Time appeared: Code-projects; Code-projects simple Laundry System
  • Weaknesses: CWE-74; CWE-89
  • CPEs: cpe:2.3:a:code-projects:simple_laundry_system:*:*:*:*:*:*:*:*
  • Vendors & Products: Code-projects; Code-projects simple Laundry System
  • References:
  • Metrics:
      cvssV2_0: score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
      cvssV3_0: score 7.3, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
      cvssV3_1: score 7.3, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
      cvssV4_0: score 6.9, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-27T02:25:22.037Z

Reserved: 2026-03-26T16:03:39.304Z

Link: CVE-2026-4908

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-03-27T03:16:01.670

Modified: 2026-03-27T03:16:01.670

Link: CVE-2026-4908

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:22:22Z
