SQL Injection Vulnerability in Grocery Store Management System using PHP and MySQL
CVE-2026-37149
7.7 HIGH
What is CVE-2026-37149?
The Grocery Store Management System using PHP and MySQL has a SQL injection vulnerability in the 'scost' parameter of the search_products.php file. Successful exploitation enables unauthorized users to craft malicious SQL statements, potentially exposing sensitive database information. This vulnerability highlights the need for robust input validation and secure coding practices to protect against database manipulation and data breaches.
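
A sketch of the input validation and parameter binding the description calls for, as an added example rather than the project's own code or its fix. It assumes 'scost' is a price filter sent in the query string; the `products` table, its columns, and the `DB_*` environment variable names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example. Assumptions: 'scost' is a price filter sent in the query
// string; the table `products` and columns `id`, `name`, `cost` are hypothetical.

/** Accept only a plain decimal such as "12" or "12.50"; anything else is null. */
function parse_scost(mixed $raw): ?float
{
    if (!is_string($raw)) {
        return null;                       // missing, or an array like scost[]=1
    }
    $raw = trim($raw);
    if (preg_match('/^\d{1,8}(\.\d{1,2})?$/', $raw) !== 1) {
        return null;                       // signs, quotes, spaces, exponents, hex
    }
    return (float) $raw;
}

/** The value is sent as a bound parameter, never as part of the SQL text. */
function search_products_by_cost(mysqli $db, float $scost): array
{
    $stmt = $db->prepare('SELECT id, name, cost FROM products WHERE cost <= ?');
    $stmt->bind_param('d', $scost);        // 'd' = double
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // needs mysqlnd
}

if (PHP_SAPI !== 'cli') {
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $scost = parse_scost($_GET['scost'] ?? null);
    if ($scost === null) {
        http_response_code(400);
        exit('scost must be a decimal number');
    }
    // Connection settings come from the environment (placeholder variable names).
    $env = fn(string $k): ?string => getenv($k) ?: null;
    $db = new mysqli($env('DB_HOST'), $env('DB_USER'), $env('DB_PASS'), $env('DB_NAME'));
    header('Content-Type: application/json');
    echo json_encode(search_products_by_cost($db, $scost));
} else {
    // Constructed inputs: only the first two pass validation.
    foreach (['12', '12.50', '-1', '1e3', "5'", '5 abc', ''] as $sample) {
        printf("%-8s => %s\n", var_export($sample, true), var_export(parse_scost($sample), true));
    }
}
```

Run from the command line, the script prints the validation result for each constructed input without touching a database; the binding alone keeps the value out of the SQL text, and the validation adds an early rejection with a 400 response.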
