Platform
php
Component
vehicle-showroom-management-system
Fixed in
1.0.1
CVE-2026-6038 describes a SQL Injection vulnerability discovered in the code-projects Vehicle Showroom Management System, impacting versions 1.0.0 through 1.0. This flaw resides within the /util/RegisterCustomerFunction.php file and allows attackers to manipulate the BRANCH_ID parameter, potentially compromising the database. A public exploit is available, increasing the risk of immediate exploitation. Remediation involves upgrading to a patched version.
The SQL Injection vulnerability in Vehicle Showroom Management System allows an attacker to inject malicious SQL code into the BRANCH_ID parameter within the /util/RegisterCustomerFunction.php file. Successful exploitation could lead to unauthorized access to sensitive data stored within the database, including customer information, vehicle inventory details, and financial records. An attacker could potentially modify or delete data, leading to significant operational disruption. The remote nature of the vulnerability means it can be exploited from anywhere with network access to the system. Given the availability of a public exploit, the potential for widespread exploitation is high.
CVE-2026-6038 is a publicly disclosed vulnerability with a readily available exploit. The availability of a public exploit significantly increases the likelihood of exploitation. While no specific KEV listing or EPSS score is currently available, the public exploit suggests a high probability of exploitation. The vulnerability was published on 2026-04-10, indicating a relatively recent discovery.
Exploit Status
EPSS
0.04% (12% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-6038 is to upgrade to a patched version of the Vehicle Showroom Management System. Since a fixed version is not specified, immediate action is crucial. As an interim measure, implement a Web Application Firewall (WAF) rule to filter potentially malicious SQL queries targeting the BRANCHID parameter. Additionally, enforce strict input validation on the BRANCHID parameter to sanitize user-supplied data before it is used in SQL queries. Consider implementing parameterized queries or prepared statements to prevent SQL injection attacks. After applying mitigations, verify the system's security by attempting to inject SQL code into the BRANCH_ID parameter and confirming that the queries are properly sanitized.
Update the Vehicle Showroom Management System to the latest available version to mitigate the (SQL Injection) vulnerability. Review and sanitize the BRANCH_ID input in the /util/RegisterCustomerFunction.php file to prevent the execution of malicious code. Implement data validation and escaping to prevent future (SQL Injections).
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-6038 is a SQL Injection vulnerability affecting versions 1.0.0–1.0 of the Vehicle Showroom Management System, allowing attackers to manipulate database queries via the BRANCH_ID parameter in /util/RegisterCustomerFunction.php.
If you are using Vehicle Showroom Management System versions 1.0.0–1.0 and have not upgraded, you are potentially vulnerable to SQL Injection attacks.
Upgrade to a patched version of the Vehicle Showroom Management System. As a temporary measure, implement WAF rules and input validation on the BRANCH_ID parameter.
Due to the availability of a public exploit, CVE-2026-6038 is likely being actively exploited or is at high risk of exploitation.
Refer to the code-projects website or relevant security mailing lists for the official advisory regarding CVE-2026-6038.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.