EUVD-2026-16082
GHSA-m75r-w8f2-6h95
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A flaw has been found in SourceCodester Malawi Online Market 1.0. The impacted element is an unknown function of the file /display.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
SQL injection in SourceCodester Malawi Online Market 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /display.php and execute arbitrary database queries. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems running SourceCodester Malawi Online Market v1.0 and assess exposure; immediately implement WAF rules to block SQL injection patterns targeting /display.php; consider taking the affected application offline if exploitable and internet-facing. Within 7 days: Deploy network segmentation to isolate affected systems; implement enhanced database activity monitoring and logging; conduct vulnerability scanning for similar weaknesses; communicate risk status to affected customers if applicable. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today