CVE-2026-3708

7.3 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary SQL commands via the Username parameter in the login.php file of Simple Flight Ticket Booking System 1.0. Attackers can potentially access, modify, or delete database contents, including sensitive user information. All users running version 1.0 of this software are affected.

💻 Affected Systems

Products:
  • Simple Flight Ticket Booking System
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation with no special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, authentication bypass, privilege escalation, and potential remote code execution if database functions allow it.

🟠 Likely Case

Unauthorized access to sensitive user data (passwords, personal information, booking details), authentication bypass, and potential data manipulation.

🟢 If Mitigated

Limited impact with proper input validation and database permissions, potentially only error messages or limited data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available and SQL injection is a well-understood attack vector with many automated tools available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://code-projects.org/

Restart Required: No

Instructions:

1. Check vendor website for updates.
2. If no patch available, implement workarounds.
3. Consider replacing with alternative software.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Add parameterized queries or input validation to login.php

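Modify login.php to use prepared statements:

    $stmt = $conn->prepare('SELECT * FROM users WHERE username = ?');
    $stmt->bind_param('s', $username); // bound as a string value, never concatenated into the SQL text
    $stmt->execute();
    $result = $stmt->get_result();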

Web Application Firewall

all

Deploy WAF with SQL injection protection rules

🧯 If You Can't Patch

  • Isolate the system behind a firewall with strict access controls
  • Implement network segmentation to limit database access

🔍 How to Verify

Check if Vulnerable:

Test login.php with SQL injection payloads like ' OR '1'='1 in Username field

Check Version:

Check software documentation or admin panel for version information

Verify Fix Applied:

Repeat the SQL injection test after implementing the fixes; the application should return a proper error, with no sign that the input changed the database query.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed login attempts with SQL syntax

Network Indicators:

  • HTTP requests to login.php containing SQL keywords (UNION, SELECT, INSERT)

SIEM Query:

source="web_logs" AND uri="/login.php" AND (request CONTAINS "UNION" OR request CONTAINS "SELECT" OR request CONTAINS "INSERT")
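
The ' OR '1'='1 test string from the verification step contains none of the three keywords in the SIEM query above, and logged input is often URL-encoded. The following is an added example, not part of the original advisory: a Python filter that decodes the Username field of login.php requests before matching. The log line format (METHOD URI form-body), the sample lines and the rule names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Rules: the keywords from the SIEM query, plus a quote followed by OR/AND,
# which covers the ' OR '1'='1 check string that contains none of those keywords.
RULES = {
    "sql_keyword": re.compile(r"\b(union|select|insert)\b", re.IGNORECASE),
    "quote_logic": re.compile(r"['\"]\s*(or|and)\b", re.IGNORECASE),
}

# Constructed sample lines. Assumed log format: METHOD URI captured-form-body.
SAMPLE_LOGS = [
    "POST /login.php username=alice&password=x",
    "POST /login.php username=%27+OR+%271%27%3D%271&password=x",
    "POST /login.php username=a%27%20uNiOn%20sElEcT%201--%20&password=x",
    "POST /search.php q=select+a+seat",
    "POST /login.php username=o%2527brien&password=x",
]

def normalize(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input is inspected in clear form."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return the names of the rules tripped by the username field of a login.php request."""
    parts = line.split(" ", 2)
    if len(parts) != 3:
        return []
    _method, uri, body = parts
    if not uri.split("?", 1)[0].lower().endswith("/login.php"):
        return []
    hits = []
    for name, values in parse_qs(body, keep_blank_values=True).items():
        if name.lower() != "username":  # parameter named in the advisory
            continue
        for value in values:
            text = normalize(value)
            hits += [r for r, rx in RULES.items() if rx.search(text) and r not in hits]
    return hits

def scan(lines):
    """Map each flagged line to its rule hits; clean lines are omitted."""
    return {line: hits for line in lines if (hits := classify(line))}
```

Scoping the rules to the username field of login.php keeps the search.php line and the double-encoded apostrophe in a surname from being flagged.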
