Description
A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unspecified code in the file /util/Login_check.php. Manipulating the argument ID can lead to SQL injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Published: 2026-04-13
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL Injection
Action: Immediate Patch
AI Analysis

Impact

A weakness in the Vehicle Showroom Management System 1.0 enables an attacker to manipulate the ID argument in the /util/Login_check.php file, resulting in SQL injection. This flaw allows the execution of arbitrary SQL statements against the underlying database, potentially exposing sensitive data, modifying records, or enabling further exploitation. The vulnerability is classified under CWE-74 (improper neutralization of special elements in output used by a downstream component, the general injection class) and CWE-89 (SQL injection).

Affected Systems

The affected product is the code-projects Vehicle Showroom Management System 1.0. No specific sub‑versions are listed beyond the main release.

Risk and Exploitability

The CVSS score of 6.9 indicates medium severity, while the EPSS score is not available. The vulnerability can be exploited remotely with publicly available proof‑of‑concept code, and it is not listed in the CISA KEV catalog. Attackers can target the exposed login check endpoint to execute SQL commands, compromising confidentiality, integrity, and possibly availability of the database.

Generated by OpenCVE AI on April 13, 2026 at 07:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and apply the latest patch or release from code-projects that fixes the SQL injection in /util/Login_check.php.
  • If no patch is available, restrict direct access to the Login_check.php endpoint and validate or escape the ID parameter before using it in SQL queries.
  • Deploy a web application firewall or use input sanitization libraries to detect and block SQL injection attempts.
  • Continuously monitor web server and database logs for suspicious activity and verify that the mitigation is effective.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 13:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Code-projects; Code-projects vehicle Showroom Management System
Vendors & Products | | Code-projects; Code-projects vehicle Showroom Management System

Mon, 13 Apr 2026 06:15:00 +0000

Type | Values Removed | Values Added
Description | | A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Login_check.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Title | | code-projects Vehicle Showroom Management System Login_check.php sql injection
Weaknesses | | CWE-74; CWE-89
References | |
Metrics | | cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
Metrics | | cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
Metrics | | cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
Metrics | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-13T05:45:17.209Z

Reserved: 2026-04-12T20:43:31.661Z

Link: CVE-2026-6165

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-13T06:16:07.373

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-6165

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T12:52:48Z
