CVE Catalog

CVE-2026-14652

High · CVSS 7.3
Source: NVD (NIST)

Summary

A SQL injection vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0 in the file /admin/login.php. An attacker can remotely manipulate the Username argument, leading to SQL injection. The exploit has been made public and could be used.

Risk Assessment

Successful exploitation could remotely compromise the shopping cart database, leading to customer data leakage, content modification, or full system takeover.

Recommendation

Immediately update the script to the latest version, or implement parameterized SQL queries in /admin/login.php so that the Username value is bound as data rather than concatenated into the SQL statement.

Original NVD description (English source)

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS