SQL Injection Vulnerability in Yashpokharna2555 Restaurant Management System
CVE-2026-13498

6.9 MEDIUM

Key Information:

Vendor
CVE Published:
28 June 2026

Badges

Exploit Exists
Public PoC

What is CVE-2026-13498?

A vulnerability has been detected in the Yashpokharna2555 Restaurant Management System, in the file forgotpassword.php. The flaw is in the POST parameter handler: manipulating the 'email' parameter results in SQL injection, and the attack can be carried out remotely. Because the product has no versioning, specific affected versions are difficult to identify. The developers were notified through an early issue report but have not acted to resolve the problem. With exploits readily available, users of this system should exercise caution.
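One way to close this class of flaw in a password-reset lookup is to bind the 'email' value as a query parameter. The following is an added example, not the project's code and not a published patch. The `users` table, the function name `findUserIdByEmail`, the in-memory SQLite database and the sample addresses are assumptions made so it runs offline (PHP 8 with the pdo_sqlite extension).

```php
<?php
declare(strict_types=1);
// Added example: hypothetical hardened lookup; schema and names are assumptions.

// Constructed in-memory database standing in for the application's user table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE)');
$pdo->exec("INSERT INTO users (email) VALUES ('alice@example.com'), ('bob@example.com')");

/**
 * Look up an account for a password-reset request.
 * Returns the user id, or null when the input is rejected or unknown.
 */
function findUserIdByEmail(PDO $pdo, mixed $rawEmail): ?int
{
    // Reject arrays (email[]=...) and oversized values before any parsing.
    if (!is_string($rawEmail) || strlen($rawEmail) > 254) {
        return null;
    }
    // Syntax check is defence in depth only; it does not replace binding.
    $email = filter_var(trim($rawEmail), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null;
    }
    // The value is bound as a parameter, so it never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT id FROM users WHERE email = :email LIMIT 1');
    $stmt->execute([':email' => $email]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Constructed inputs: a known address, an unknown one, a syntactically valid
// address containing a quote character, and a non-string value.
$samples = ['alice@example.com', 'nobody@example.com', "o'brien@example.com", ['x']];
foreach ($samples as $sample) {
    $id = findUserIdByEmail($pdo, $sample);
    echo json_encode($sample), ' => ', $id === null ? 'no match' : "user $id", PHP_EOL;
}
```

The address containing a quote passes the syntax check and is still handled as plain data by the bound query, which is why parameter binding rather than input filtering is the actual fix. The same `prepare`/`execute` calls apply unchanged with PDO's MySQL driver.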

Affected Version(s)

restaurent-management-system 5f3eca87cb681366866a78038af17891c4c86612

restaurent-management-system 6d1cc94c9007e2373d30d9c940824a5d2f50d9b6

restaurent-management-system b7124069da225d5be3f430eb4d8e23d294f7a14f

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Public PoC available

  • Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

wr0ld (VulDB User)
VulDB CNA Team