CVE-2026-13498

🗓️ 28 Jun 2026 13:00:08Reported by VulDBType

SQL injection via email in forgotpassword.php of yashpokharna2555 restaurant management system; remote attack, unknown function, no versioning, issue reported.

Reporter	Title	Published	Views	Family All 4
ATTACKERKB	CVE-2026-13498	28 Jun 202613:00	–	attackerkb
Cvelist	CVE-2026-13498 yashpokharna2555 restaurent-management-system POST Parameter forgotpassword.php sql injection	28 Jun 202613:00	–	cvelist
EUVD	EUVD-2026-39996	28 Jun 202613:00	–	euvd
NVD	CVE-2026-13498	28 Jun 202613:16	–	nvd

[
  {
    "vendor": "yashpokharna2555",
    "product": "restaurent-management-system",
    "versions": [
      {
        "version": "5f3eca87cb681366866a78038af17891c4c86612",
        "status": "affected"
      },
      {
        "version": "6d1cc94c9007e2373d30d9c940824a5d2f50d9b6",
        "status": "affected"
      },
      {
        "version": "b7124069da225d5be3f430eb4d8e23d294f7a14f",
        "status": "affected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:yashpokharna2555:restaurent-management-system:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "POST Parameter Handler"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/submit/838559
github	www.github.com/yashpokharna2555/restaurent-management-system/
github	www.github.com/yashpokharna2555/restaurent-management-system/issues/3
vuldb	www.vuldb.com/vuln/374493/cti
vuldb	www.vuldb.com/cve/CVE-2026-13498
vuldb	www.vuldb.com/vuln/374493

28 Jun 2026 13:16Current

6.9Medium risk

Vulners AI Score6.9

CVSS 46.9

CVSS 3.17.3

CVSS 27.5

CVSS 37.3