Scan free
HIGHCVE-2026-5565CVSS 7.3

CVE-2026-5565: SQL Injection in Simple Laundry System

Platform

php

Component

simple-laundry-system

Fixed in

1.0.1

AI Confidence: highNVDEPSS 0.0%Reviewed: May 2026
View on NVD
Save

CVE-2026-5565 describes a SQL Injection vulnerability discovered in Simple Laundry System, specifically within the Parameter Handler component's /delmemberinfo.php file. This flaw allows attackers to inject malicious SQL code through manipulation of the 'userid' parameter, potentially compromising sensitive data and system integrity. The vulnerability affects versions 1.0.0 through 1.0, and a patch is expected from the vendor.

Impact and Attack Scenarios

Successful exploitation of CVE-2026-5565 could grant an attacker unauthorized access to the Simple Laundry System's database. This could lead to the theft of sensitive user data, including usernames, passwords, and potentially financial information if the system handles payment processing. An attacker could also modify or delete data, disrupt system operations, or even gain control of the underlying server. The remote nature of the vulnerability means it can be exploited from anywhere with network access to the system, significantly expanding the potential attack surface. Similar SQL injection vulnerabilities have historically resulted in large-scale data breaches and significant financial losses.

Exploitation Context

CVE-2026-5565 has been publicly disclosed, indicating a higher risk of exploitation. The availability of a public exploit suggests that attackers are actively seeking to leverage this vulnerability. The exploit's ease of execution, combined with the potential impact, makes it a priority for remediation. The vulnerability is not currently listed on CISA KEV, but its public disclosure warrants close monitoring. Exploitation probability is considered medium due to the public availability of the exploit and the potential impact.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown
CISA KEVNO
Internet ExposureHigh
Reports2 threat reports

EPSS

0.04% (12% percentile)

CISA SSVC

Exploitationpoc
Automatableyes
Technical Impactpartial

CVSS Vector

THREAT INTELLIGENCE· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R7.3HIGHAttack VectorNetworkHow the attacker reaches the targetAttack ComplexityLowConditions required to exploitPrivileges RequiredNoneAuthentication level needed to attackUser InteractionNoneWhether a victim must take actionScopeUnchangedImpact beyond the vulnerable componentConfidentialityLowRisk of sensitive data exposureIntegrityLowRisk of unauthorized data modificationAvailabilityLowRisk of service disruptionnextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
None — unauthenticated. No login or credentials needed to exploit.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
Low — partial or indirect data access. Attacker gains limited information.
Integrity
Low — attacker can modify some data with limited scope or impact.
Availability
Low — partial or intermittent denial of service. Attacker can degrade performance.

Affected Software

Componentsimple-laundry-system
Vendorcode-projects
Affected rangeFixed in
1.0 – 1.01.0.1

Weakness Classification (CWE)

CWE-89CWE-74

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated
Unpatched — 49 days since disclosure

Mitigation and Workarounds

The primary mitigation for CVE-2026-5565 is to upgrade to a patched version of Simple Laundry System as soon as it becomes available. Until then, several temporary measures can be implemented. Implement a Web Application Firewall (WAF) with rules to detect and block SQL injection attempts targeting the /delmemberinfo.php endpoint. Strict input validation on the 'userid' parameter is crucial; ensure all input is properly sanitized and validated against expected data types and formats. Consider restricting access to /delmemberinfo.php to authorized users only. After applying these mitigations, verify their effectiveness by attempting to inject a simple SQL query through the 'userid' parameter and confirming that it is blocked or properly sanitized.

How to fix

Update the Simple Laundry System module to the latest available version to mitigate the (SQL Injection) vulnerability. Review and sanitize user input in the /delmemberinfo.php file to prevent SQL query manipulation. Implement appropriate input validation and escaping.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2026-5565 — SQL Injection in Simple Laundry System?

CVE-2026-5565 is a SQL Injection vulnerability in Simple Laundry System versions 1.0.0–1.0, allowing attackers to inject malicious SQL code through the /delmemberinfo.php file, potentially compromising data.

Am I affected by CVE-2026-5565 in Simple Laundry System?

If you are running Simple Laundry System version 1.0.0–1.0 and have not applied a patch, you are potentially affected by this vulnerability.

How do I fix CVE-2026-5565 in Simple Laundry System?

Upgrade to a patched version of Simple Laundry System as soon as it becomes available. Until then, implement WAF rules and strict input validation.

Is CVE-2026-5565 being actively exploited?

Due to the public disclosure and availability of an exploit, CVE-2026-5565 is likely being actively targeted by attackers.

Where can I find the official Simple Laundry System advisory for CVE-2026-5565?

Refer to the Simple Laundry System official website or security mailing list for the latest advisory regarding CVE-2026-5565.

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan freeSearch CVEs