CVE Catalog

CVE-2026-14654

High · CVSS 7.3

Summary

A SQL injection vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0, in the file /admin/girlsproductdeletequery.php. An unknown function in that file is affected: manipulating the user_id argument leads to SQL injection, and the attack can be carried out remotely. The exploit is publicly available and may be used.

Risk Assessment

An attacker can remotely execute arbitrary SQL queries, leading to data leakage, modification, or deletion, and potentially full application compromise.

Recommendation

Immediately update the script to the latest version or implement parameterized queries in /admin/girlsproductdeletequery.php to prevent SQL injection.

Original NVD description (English source)

A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the argument user_id leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS