Description
A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modify.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Published: 2026-04-01
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection (Remote)
Action: Immediate Patch
AI Analysis

Impact

A flaw in the Simple Laundry System allows an attacker to supply a crafted firstName value to the /modify.php endpoint. The unsanitized input leads to SQL injection, permitting the attacker to execute arbitrary SQL statements. As a result, confidentiality and integrity of the database could be compromised, allowing sensitive data disclosure or modification.

Affected Systems

The vulnerability impacts the code-projects Simple Laundry System version 1.0, affecting the component Parameter Handler accessed via /modify.php.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, and the EPSS score of less than 1% suggests low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog, yet the exploit has been published and can be executed remotely through a web request.

Generated by OpenCVE AI on April 3, 2026 at 20:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor patch for Simple Laundry System 1.0 as soon as it becomes available
  • If a patch is not available, restrict access to the /modify.php endpoint and enforce stricter input validation or use parameterized database queries
  • Monitor database logs for suspicious SQL activity to detect potential exploitation attempts

Generated by OpenCVE AI on April 3, 2026 at 20:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:code-projects:simple_laundry_system:1.0:*:*:*:*:*:*:*

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 01 Apr 2026 06:15:00 +0000

Type Values Removed Values Added
Description A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modify.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Title code-projects Simple Laundry System Parameter modify.php sql injection
First Time appeared Code-projects
Code-projects simple Laundry System
Weaknesses CWE-74
CWE-89
CPEs cpe:2.3:a:code-projects:simple_laundry_system:*:*:*:*:*:*:*:*
Vendors & Products Code-projects
Code-projects simple Laundry System
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Code-projects Simple Laundry System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-01T13:10:46.469Z

Reserved: 2026-03-31T16:17:48.737Z

Link: CVE-2026-5256

cve-icon Vulnrichment

Updated: 2026-04-01T13:10:42.821Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-01T06:16:16.123

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-5256

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T21:17:23Z

Weaknesses