Home / Vulnerability Intelligence / CVE-2026-3709

CVE-2026-3709 - Vulnerability Analysis

HighCVSS: 7.3

Last Updated: March 9, 2026

code-projects Simple Flight Ticket Booking System - SQL Injection

Published: March 8, 2026Updated: March 9, 2026PoC AvailableRemote Exploitable

Overview

code-projects Simple Flight Ticket Booking System 1.0 contains a sql injection caused by manipulation of the "Username" argument in /register.php, letting remote attackers execute arbitrary SQL commands, exploit requires crafted request.

Severity & Score

Severity: High

CVSS Score: 7.3

Impact

Remote attackers can execute arbitrary SQL commands, potentially leading to data disclosure or modification.

Mitigation

Update to the latest version or apply patches to fix the SQL injection vulnerability.

References

https://vuldb.com/?ctiid.349655
https://vuldb.com/?id.349655
https://vuldb.com/?submit.766142
https://vuldb.com/?submit.767883
https://code-projects.org/
https://github.com/Owen-YuanW/CVE/issues/3

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-3709
Severity: High
CVSS Score: 7.3
Type: sql_injection
Status: confirmed

CWE

CWE-74
CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L