CVE-2026-0591 – code-projects Online Product Reservation System Cart Update update.php sql injection

CVE ID : CVE-2026-0591

Published : Jan. 5, 2026, 2:15 p.m. | 2 hours, 10 minutes ago

Description : A vulnerability was identified in code-projects Online Product Reservation System 1.0. The impacted element is an unknown function of the file /app/checkout/update.php of the component Cart Update Handler. Such manipulation of the argument id/qty leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…