CVE-2026-4850
Published: 26 March 2026
Summary
CVE-2026-4850 is a high-severity Injection (CWE-74) vulnerability in Code-Projects Simple Laundry System. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 13.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 directly prevents SQL injection by requiring validation and sanitization of untrusted inputs like the 'Long-arm-shirtVol' parameter before database queries.
SI-2 mandates timely identification, reporting, and correction of flaws such as this SQL injection vulnerability in /checkregisitem.php.
RA-5 requires vulnerability scanning that would identify SQL injection issues like CVE-2026-4850 in the Simple Laundry System application.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in unauthenticated public-facing web app (/checkregisitem.php) directly maps to T1190 for initial access via remote exploitation of a known public-facing application vulnerability.
NVD Description
A security flaw has been discovered in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checkregisitem.php of the component Parameter Handler. The manipulation of the argument Long-arm-shirtVol results in sql injection. The attack may be…
more
launched remotely. The exploit has been released to the public and may be used for attacks.
Deeper analysisAI
CVE-2026-4850 is a SQL injection vulnerability (CWE-74, CWE-89) discovered in code-projects Simple Laundry System 1.0. The flaw affects an unknown function in the file /checkregisitem.php within the Parameter Handler component, where manipulation of the 'Long-arm-shirtVol' argument leads to injection. Published on 2026-03-26, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and low attack complexity.
The vulnerability enables remote exploitation by unauthenticated attackers requiring no user interaction. Successful attacks can result in limited impacts to confidentiality, integrity, and availability, such as unauthorized data access, modification, or disruption via injected SQL payloads. An exploit has been publicly released and is available for use in attacks.
Advisories and details are documented on VulDB (ctiid.353155, id.353155, submit.776184), a GitHub issue at github.com/kbloow/CVE/issues/1, and the project site at code-projects.org. No specific patch or mitigation steps are detailed in the available information.
The public release of the exploit heightens the risk for deployments of Simple Laundry System 1.0.
Details
- CWE(s)