SQL Injection Vulnerability in Grocery Store Management System by PHP and MySQL
CVE-2026-37149

7.7 HIGH

Key Information:

Vendor
CVE Published:
25 June 2026

What is CVE-2026-37149?

The Grocery Store Management System using PHP and MySQL has a SQL injection vulnerability in the 'scost' parameter of the search_products.php file. Successful exploitation lets unauthorized users inject crafted SQL statements, potentially exposing sensitive database information. This vulnerability highlights the need for robust input validation and secure coding practices to protect against database manipulation and data breaches.

CVSS V3.1

Score: 7.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved