LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2026-3723

CVE-2026-3723 - Vulnerability Analysis

HighCVSS: 7.3

Last Updated: March 9, 2026

code-projects Simple Flight Ticket Booking System - SQL Injection

Published: March 8, 2026Updated: March 9, 2026PoC AvailableRemote Exploitable

Overview

code-projects Simple Flight Ticket Booking System 1.0 contains a sql injection caused by manipulation of the "flightno" argument in /Admindelete.php, letting remote attackers execute arbitrary SQL commands, exploit requires crafted request.

Severity & Score

Severity: High
CVSS Score: 7.3
EPSS Score: 3.3%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary SQL commands, potentially leading to data theft or modification.

Mitigation

Update to the latest version or apply patches that fix the SQL injection vulnerability.

References

Social Media Activity(1 post)

Yazoul Alerts
Yazoul Alerts
@Matchbook3469
Mar 9, 2026

🔶 New security advisory: CVE-2026-3723 affects multiple systems. • Impact: Significant security breach potential • Risk: Unauthorized access or data exposure • Mitigation: Apply patches within 24-48 hours Full breakdown: https://www.yazoul.net/advisory/cve/cve-2026-3723 #Cybersecurity #PatchNow #InfoSecCommunity

View original post

Related Resources

Details

CVE ID
CVE-2026-3723
Severity
High
CVSS Score
7.3
Type
sql_injection
Status
confirmed
EPSS
3.3%
Social Posts
1

CWE

  • CWE-74
  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score

3.3%Probability of exploitation in the next 30 days