CVE-2026-7072

· NIST NVD ↗

A vulnerability was detected in CodePanda Source canteen_management_system 1.0. Affected by this issue is some unknown functionality of the file /api/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.

HIGH
CVSS severity
7.3
CVSS base score
2026-04-27
Published

CWE codes

CWE-74CWE-89

Sources