CVE-2026-13498

yashpokharna2555 restaurent-management-system POST Parameter forgotpassword.php sql injection

Assigner: VulDB
Reserved: 27.06.2026 Published: 28.06.2026 Updated: 28.06.2026

A vulnerability was identified in yashpokharna2555 restaurent-management-system. This affects an unknown function of the file /forgotpassword.php of the component POST Parameter Handler. Such manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
CVSS Score: 6.9

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	Low	Confidentiality	None
Attack Complexity	Low	Integrity	Low	Integrity	None
Attack Requirements	None	Availability	Low	Availability	None
Privileges Required	None
User Interaction	None

CVSS 4.0

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
CVSS Score: 7.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	Low
User Interaction	None	Availability Impact	Low

CVSS 3.1

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
CVSS Score: 7.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	Low
User Interaction	None	Availability Impact	Low

CVSS 3.0

CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
CVSS Score: 7.5

Access Vector	Network	Confidentiality Impact	Partial
Access Complexity	Low	Integrity Impact	Partial
Authentication	None	Availability Impact	Partial

CVSS 2.0

Product Status

Vendor	yashpokharna2555
Product	restaurent-management-system
Versions	Version 5f3eca87cb681366866a78038af17891c4c86612 is affected Version 6d1cc94c9007e2373d30d9c940824a5d2f50d9b6 is affected Version b7124069da225d5be3f430eb4d8e23d294f7a14f is affected

Vendor

yashpokharna2555

Product

restaurent-management-system

Versions

Version 5f3eca87cb681366866a78038af17891c4c86612 is affected
Version 6d1cc94c9007e2373d30d9c940824a5d2f50d9b6 is affected
Version b7124069da225d5be3f430eb4d8e23d294f7a14f is affected

Credits

wr0ld (VulDB User) reporter
VulDB CNA Team coordinator

References

Problem Types