EUVD-2026-14658
GHSA-cq28-h8qx-hggv
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4Description
A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
Analysis
SQL injection in SourceCodester E-Commerce Site 1.0 through the Search parameter in /products.php enables unauthenticated remote attackers to read, modify, and delete database contents. Public exploit code exists for this vulnerability, and no patch is currently available, putting all installations at immediate risk.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Audit all systems running SourceCodester E-Commerce v1.0 and immediately take affected applications offline or restrict network access to trusted sources only. Within 7 days: Deploy Web Application Firewall (WAF) rules to block SQL injection patterns in the /products.php Search parameter, implement input validation/parameterized queries through code patches if internal development is possible, or migrate to an alternative e-commerce platform. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today