CVE-2026-13498

A vulnerability was identified in yashpokharna2555 restaurent-management-system. This affects an unknown function of the file /forgotpassword.php of the component POST Parameter Handler. Such manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.
Configurations

No configuration.

History

28 Jun 2026, 13:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-28 13:16

Updated : 2026-06-30 19:16


NVD link : CVE-2026-13498

Mitre link : CVE-2026-13498

CVE.ORG link : CVE-2026-13498


JSON object : View

Products Affected

No product.

CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')