Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
Simple Flight Ticket Booking System: SQL Injection via Admin Panel
CVE-2026-3711
Summary
A bug in the Simple Flight Ticket Booking System's admin panel allows an attacker to potentially inject malicious SQL code, which could lead to unauthorized access to sensitive data or system compromise. This is a serious issue, as it could allow an attacker to manipulate the system remotely. Users of this system should update to a fixed version or take immediate action to secure their instance.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| carmelo | simple_flight_ticket_booking_system | 1.0 | – |
Original title
A vulnerability was detected in code-projects Simple Flight Ticket Booking System 1.0. Affected is an unknown function of the file /Adminupdate.php. The manipulation of the argument flightno/airpla...
Original description
A vulnerability was detected in code-projects Simple Flight Ticket Booking System 1.0. Affected is an unknown function of the file /Adminupdate.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
nvd CVSS2.0
5.8
nvd CVSS3.1
4.7
nvd CVSS4.0
5.1
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
Published: 8 Mar 2026 · Updated: 13 Mar 2026 · First seen: 8 Mar 2026