CVE-2026-14654
High, CVSS 7.3
Summary
A SQL injection vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0 in the file /admin/girlsproductdeletequery.php. An unknown function allows manipulation of the user_id argument, enabling remote SQL injection. The exploit is publicly available and may be used.
Risk Assessment
An attacker can remotely execute arbitrary SQL queries, leading to data leakage, modification, or deletion, and potentially full application compromise.
Recommendation
Immediately update the script to the latest version or implement parameterized queries in /admin/girlsproductdeletequery.php to prevent SQL injection.
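The parameterized-query fix recommended above, as an added example (not the vendor's code). The page does not show the script's source, so the table `girls_products`, the column `id`, the function name `deleteProductById` and the in-memory SQLite demo data are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Delete one row by id with a bound parameter instead of string concatenation.
 * Returns the number of rows deleted, or null when the input is rejected.
 * Table "girls_products" and column "id" are hypothetical names.
 */
function deleteProductById(PDO $db, mixed $rawUserId): ?int
{
    // Layer 1: accept only a positive integer; arrays, null and
    // strings with trailing characters all fail validation.
    $id = filter_var($rawUserId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // Layer 2: the value travels as a typed parameter, so it can never
    // change the structure of the SQL statement.
    $stmt = $db->prepare('DELETE FROM girls_products WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database so the example runs
// offline. With pdo_mysql, also set PDO::ATTR_EMULATE_PREPARES to false.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE girls_products (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO girls_products (name) VALUES ('a'), ('b'), ('c')");

// In the handler itself the value would come from the request's user_id
// argument; here constructed inputs stand in for it.
foreach (['2', '2 extra', "2'", '', null] as $input) {
    $result = deleteProductById($db, $input);
    $left = (int) $db->query('SELECT COUNT(*) FROM girls_products')->fetchColumn();
    printf(
        "%-10s => %-10s rows left: %d\n",
        var_export($input, true),
        $result === null ? 'rejected' : "deleted $result",
        $left
    );
}
```

Only the first input deletes a row; every non-integer value is rejected before any SQL runs, and the row count stays at 2.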
Original NVD description (English source)
A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the argument user_id leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.

