CVE-2026-14652 PUBLISHED

SourceCodester Simple and Nice Shopping Cart Script Admin Login login.php sql injection

Assigner: VulDB
Reserved: 03.07.2026 Published: 04.07.2026 Updated: 04.07.2026

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
CVSS Score: 6.9

Product Status

Vendor SourceCodester
Product Simple and Nice Shopping Cart Script
Versions
  • Version 1.0 is affected

Credits

  • wangfuyuan (VulDB User) reporter

References

Problem Types

  • SQL Injection CWE
  • Injection CWE