A vulnerability marked as critical has been reported in code-projects Simple Flight Ticket Booking System 1.0 . This affects an unknown part of the file checkUser.php of the component POST Parameter Handler . The manipulation of the argument Username leads to sql injection. This vulnerability is uniquely identified as CVE-2026-11488 . The attack is possible to be carried out remotely. Moreover, an exploit is present.