Skip to main content

SourceCodester SUP Online Shopping EUVD-2026-28519

| CVE-2026-8130 MEDIUM
SQL Injection (CWE-89)
2026-05-08 VulDB GHSA-gxmg-m8j9-9hxw
PHP SQLi
5.5
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
May 08, 2026 - 04:30 vuln.today
Severity Changed
May 08, 2026 - 04:22 NVD
HIGH MEDIUM
CVSS changed
May 08, 2026 - 04:22 NVD
7.3 (HIGH) 5.5 (MEDIUM)
CVE Published
May 08, 2026 - 02:45 nvd
MEDIUM 5.5

DescriptionNVD

A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. This affects an unknown function of the file /admin/message.php. The manipulation of the argument seenid leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

AnalysisAI

SQL injection in SourceCodester SUP Online Shopping 1.0 allows remote unauthenticated attackers to execute arbitrary SQL queries via the seenid parameter in /admin/message.php. The vulnerability has a publicly available exploit and presents moderate confidentiality and integrity risk with a CVSS score of 5.5, though impact is limited to partial data access and modification without availability impact.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-28519 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy