CVE-2026-3711 PUBLISHED

A vulnerability was detected in code-projects Simple Flight Ticket Booking System 1.0. Affected is an unknown function of the file /Adminupdate.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.

• OwenW (VulDB User) reporter

• VDB-349657 | code-projects Simple Flight Ticket Booking System Adminupdate.php sql injection
• VDB-349657 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #766309 | code-projects Simple Flight Ticket Booking System 1.0 SQL Injection
• Submit #767264 | code-projects SIMPLE FLIGHT TICKET BOOKING SYSTEM V1.0 SQL Injection (Duplicate)
• https://github.com/Owen-YuanW/CVE/issues/5
• https://code-projects.org/

• SQL Injection CWE
• Injection CWE