SQL Injection Vulnerability in CodeAstro Ecommerce Website 1.0
CVE-2026-14799
Key Information:
- Vendor
Codeastro
- Status
- Vendor
- CVE Published:
- 6 July 2026
Badges
What is CVE-2026-14799?
A security flaw has been identified in the CodeAstro Ecommerce Website version 1.0, specifically affecting the wishlist management functionality located in the file /customer/my_account.php?my_wishlist. The vulnerability allows an attacker to manipulate the 'delete_wishlist' parameter, leading to SQL injection attacks. This flaw is particularly critical as it can be exploited remotely, potentially compromising sensitive data. The exploit is already publicly available, which increases the urgency for users to apply necessary security measures.
Affected Version(s)
Ecommerce Website 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
