CVE-2026-2865 PUBLISHED

A vulnerability was found in itsourcecode Agri-Trading Online Shopping System 1.0. This impacts an unknown function of the file admin/productcontroller.php of the component HTTP POST Request Handler. Performing a manipulation of the argument Product results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.

• wanyan (VulDB User) reporter

• VDB-347104 | itsourcecode Agri-Trading Online Shopping System HTTP POST Request productcontroller.php sql injection
• VDB-347104 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #754556 | itsourcecode Agri-Trading Online Shopping System Project v1.0 SQL Injection
• https://github.com/wan1yan/cve/issues/3
• https://itsourcecode.com/

• SQL Injection CWE
• Injection CWE