CVE-2026-11488 | code-projects Simple Flight Ticket Booking System 1.0 POST Parameter checkUser.php Username sql injection
A vulnerability marked as critical has been reported in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection.
This vulnerability is uniquely identified as CVE-2026-11488. The attack is possible to be carried out remotely. Moreover, an exploit is present.