SQL Injection Vulnerability in SourceCodester Simple and Nice Shopping Cart Script
CVE-2026-14652
Key Information:
- Vendor
Sourcecodester
- Vendor
- CVE Published:
- 4 July 2026
Badges
What is CVE-2026-14652?
The SourceCodester Simple and Nice Shopping Cart Script 1.0 has a vulnerability located in the Admin Login component, specifically within the /admin/login.php file. This flaw allows an attacker to manipulate the Username argument, which can lead to SQL injection attacks. The issue can be exploited remotely, making it critical for users to address this vulnerability promptly, as it has been publicly disclosed and may already be actively exploited.
Affected Version(s)
Simple and Nice Shopping Cart Script 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
