CVE-2026-0591: A vulnerability was identified in code-projects Online Product Reservation System 1.0. The impacted element is an unknown function of the file…

A vulnerability was identified in code-projects Online Product Reservation System 1.0. The impacted element is an unknown function of the file /app/checkout/update.php of the component Cart Update Handler. Such manipulation of the argument id/qty leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.