SQL Injection Vulnerability in SourceCodester Malawi Online Market
CVE-2026-4838

6.9MEDIUM

Key Information:

Vendor

Sourcecodester
Status
Malawi Online Market
Vendor
CVE Published:
26 March 2026

What is CVE-2026-4838?

A SQL injection vulnerability exists in the SourceCodester Malawi Online Market version 1.0, specifically related to an obscure function in the /display.php file. By manipulating the ID argument, an attacker can execute unauthorized SQL commands, enabling potential access to sensitive database information. This flaw can be exploited remotely, and the details of the exploit have been publicly disclosed, posing a significant risk to users of the platform. It's crucial for users to implement security measures to protect against such vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Malawi Online Market 1.0

References

https://vuldb.com/?id.353141
vdb-entrytechnical-description
https://vuldb.com/?ctiid.353141
signaturepermissions-required
https://vuldb.com/?submit.776081
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

WeQi (VulDB User)
JSON
.