Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
Concert Ticket Reservation System 1.0: Remote SQL Injection Risk
CVE-2026-5554
Summary
A vulnerability in the Concert Ticket Reservation System 1.0 allows attackers to inject malicious code into the system, potentially allowing them to access sensitive information or disrupt the system. This can be exploited remotely, and exploit code is now publicly available. Update the system to the latest version to mitigate this risk.
Original title
A security flaw has been discovered in code-projects Concert Ticket Reservation System 1.0. Affected by this issue is some unknown functionality of the file /ConcertTicketReservationSystem-master/p...
Original description
A security flaw has been discovered in code-projects Concert Ticket Reservation System 1.0. Affected by this issue is some unknown functionality of the file /ConcertTicketReservationSystem-master/process_search.php of the component Parameter Handler. Performing a manipulation of the argument searching results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
nvd CVSS2.0
7.5
nvd CVSS3.1
7.3
nvd CVSS4.0
6.9
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
Published: 5 Apr 2026 · Updated: 5 Apr 2026 · First seen: 5 Apr 2026