CVE-2026-7132

A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could ...

medium 5.3 CVSS 3.1

Published: Apr 27, 2026

Modified: Apr 27, 2026

Description

A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used.

References

https://code-projects.org/
https://github.com/zzk6th/cve/issues/2
https://vuldb.com/submit/800979
https://vuldb.com/vuln/359731
https://vuldb.com/vuln/359731/cti

Version	3.1
Score	5.3 / 10
Severity	medium