Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
Vehicle Showroom Management System 1.0 allows remote data theft via SQL injection
CVE-2026-6148
Summary
A vulnerability in the Vehicle Showroom Management System 1.0 allows hackers to access sensitive data remotely. If exploited, this could lead to theft of confidential information. Update to the latest version of the system to fix this issue.
Original title
A vulnerability was detected in code-projects Vehicle Showroom Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php...
Original description
A vulnerability was detected in code-projects Vehicle Showroom Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php. Performing a manipulation of the argument BRANCH_ID results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
nvd CVSS2.0
7.5
nvd CVSS3.1
7.3
nvd CVSS4.0
6.9
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
Published: 13 Apr 2026 · Updated: 13 Apr 2026 · First seen: 13 Apr 2026