CVE-2026-3406

7.3 HIGH

📋 TL;DR

This SQL injection vulnerability in Online Art Gallery Shop 1.0 allows attackers to manipulate database queries through the registration form's fname parameter. Attackers can potentially read, modify, or delete database contents remotely. Anyone running this specific version of the software is affected.

💻 Affected Systems

Products:
  • projectworlds Online Art Gallery Shop
Versions: 1.0
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with the vulnerable registration.php file present

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data theft, account takeover, or complete system control via SQL injection to RCE chaining

🟠 Likely Case: Data exfiltration of user information, session hijacking, and potential privilege escalation

🟢 If Mitigated: Limited impact with proper input validation and database permissions restricting damage to non-critical data

🌐 Internet-Facing: HIGH - The vulnerable endpoint is accessible remotely without authentication
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they have network access to the system

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit is publicly available and requires minimal technical skill to execute

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Input Validation and Sanitization (all platforms)

Add parameterized queries and input validation to registration.php

Modify /admin/registration.php to use prepared statements with PDO or mysqli
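The pattern this workaround calls for, as an added illustration that is not the project's own code: a constructed registration handler showing the string-concatenation form that produces an fname injection, beside the mysqli prepared-statement form. The table and column names, the email field and the connection details are assumptions.

```php
<?php
// Added illustration, not code from Online Art Gallery Shop. The users table,
// its fname/email columns and the connection details are assumptions.

// Vulnerable pattern (do NOT use): request input is interpolated directly
// into the SQL text, so a crafted fname value changes the query structure.
function register_vulnerable(mysqli $db, array $post): bool
{
    $fname = $post['fname'] ?? '';
    $email = $post['email'] ?? '';
    $sql = "INSERT INTO users (fname, email) VALUES ('$fname', '$email')";
    return $db->query($sql) === true;
}

// Hardened form: the SQL text is fixed at prepare time, values travel as
// bound parameters, and an allow-list check rejects malformed input first.
function register_safe(mysqli $db, array $post): bool
{
    $fname = trim((string)($post['fname'] ?? ''));
    $email = trim((string)($post['email'] ?? ''));

    // Allow-list validation: letters, spaces, hyphens, apostrophes, 1-50 chars.
    if (!preg_match("/^[\p{L} '\-]{1,50}$/u", $fname)) {
        return false;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }

    // Placeholders keep data separate from the query; no quoting is needed.
    $stmt = $db->prepare('INSERT INTO users (fname, email) VALUES (?, ?)');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ss', $fname, $email);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Usage (assumed connection details):
// $db = new mysqli('localhost', 'appuser', 'secret', 'artgallery');
// $db->set_charset('utf8mb4');
// register_safe($db, $_POST);
```

Pair the prepared statement with a database account that holds only INSERT/SELECT on the tables registration needs, so a residual flaw elsewhere cannot reach the rest of the schema.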

Web Application Firewall Rules (all platforms)

Block SQL injection patterns targeting the registration endpoint

Add WAF rule: deny requests to /admin/registration.php whose fname parameter contains SQL keywords or comment sequences (expect false positives on legitimate names, so run the rule in log-only mode and tune it before enforcing)

🧯 If You Can't Patch

  • Disable or restrict access to /admin/registration.php via web server configuration
  • Implement network segmentation to isolate the vulnerable system from sensitive data

🔍 How to Verify

Check if Vulnerable:

Test the /admin/registration.php endpoint with SQL injection payloads in the fname parameter

Check Version:

Check the software version in the application's admin panel or configuration files

Verify Fix Applied:

Verify that SQL injection attempts no longer succeed and that input validation is properly implemented

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in the application or database error logs
  • Multiple failed registration attempts with SQL keywords in parameters

Network Indicators:

  • HTTP requests to /admin/registration.php containing SQL injection patterns

SIEM Query:

source="web_server" AND uri="/admin/registration.php" AND param="fname" AND (value CONTAINS "UNION" OR value CONTAINS "SELECT" OR value CONTAINS "--")
