CVE-2026-7132

MEDIUM CVSS 5.3 View on NVD ↗

Description

A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

https://code-projects.org/
https://github.com/zzk6th/cve/issues/2
https://vuldb.com/submit/800979
https://vuldb.com/vuln/359731
https://vuldb.com/vuln/359731/cti

Published: Apr 27, 2026 15:16 UTC Modified: Apr 27, 2026 18:36 UTC