CVE-2026-14735
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk33th percentile — higher than 33% of all known CVEs
Summary
A SQL injection vulnerability has been found in Smart Parking System 1.0 in the file /parkings/parkings.php. An unknown function allows manipulation of the street, city, or status arguments, enabling remote SQL injection. The exploit has been publicly disclosed.
Risk Assessment
An attacker can remotely steal, modify, or delete database records, compromising the confidentiality and integrity of the parking system.
Recommendation
Immediately update the system to the latest version or apply a security patch. In the meantime, restrict access to /parkings/parkings.php and use parameterized queries.
Original NVD description (English source)
A vulnerability has been found in code-projects Smart Parking System 1.0. The affected element is an unknown function of the file /parkings/parkings.php. Such manipulation of the argument street/city/status leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

