CVE-2026-0589

Published: Jan 5, 2026Modified: Apr 29, 2026

5.5

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was found in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the component Administration Backend. The manipulation results in improper authentication. The attack may be performed from remote. The exploit has been made public and could be used.

Affected (1)

Products: Fabian: Online Product Reservation System

1 product

Online Product Reservation System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fabian Online Product Reservation System	Version 1.0

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

https://code-projects.org/

Source: cna@vuldb.com

Product

https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/auth_bypass_admin_panel.md

Source: cna@vuldb.com

ExploitThird Party Advisory

https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/auth_bypass_admin_panel.md#poc

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.339499

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.339499

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.731127

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

Timeline

No history available yet.