Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
Exploitable SQL Injection in Vehicle Showroom Management System
CVE-2026-6149
Summary
A weak point in the Vehicle Showroom Management System (version 1.0) allows hackers to manipulate data by exploiting a vulnerability in the system's booking process. This could allow unauthorized access to sensitive information. To protect your business, update to a fixed version of the software or apply the recommended patches.
Original title
A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Affected by this issue is some unknown functionality of the file /util/BookVehicleFunction.php. Executing a manipulati...
Original description
A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Affected by this issue is some unknown functionality of the file /util/BookVehicleFunction.php. Executing a manipulation of the argument BRANCH_ID can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.
nvd CVSS2.0
7.5
nvd CVSS3.1
7.3
nvd CVSS4.0
6.9
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
Published: 13 Apr 2026 · Updated: 13 Apr 2026 · First seen: 13 Apr 2026