Skip to main content

Simple And Nice Shopping Cart Script

9 CVEs product

Monthly

CVE-2026-15703 MEDIUM POC This Month

A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This vulnerability affects unknown code of the file /admin/userproductdeletequery.php. Performing a manipulation of the argument user_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

SQLi PHP Simple And Nice Shopping Cart Script
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-15190 MEDIUM POC This Month

SQL injection in SourceCodester Simple and Nice Shopping Cart Script 1.0 allows unauthenticated remote attackers to manipulate the Username parameter on /login.php, potentially bypassing authentication or extracting database contents. A publicly available proof-of-concept exploit exists, published via a GitHub issue and documented in VulDB entry 377116. No CISA KEV listing is present, but the combination of network accessibility, no authentication requirement, and a live POC makes this a practical risk for any exposed deployment.

SQLi PHP Simple And Nice Shopping Cart Script
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-14653 MEDIUM POC This Month

SQL injection in SourceCodester Simple and Nice Shopping Cart Script 1.0 enables remote, unauthenticated attackers to manipulate database queries through the user_id parameter in /admin/mensproductdeletequery.php, exposing partial confidentiality, integrity, and availability of the underlying database. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) indicates no authentication or special conditions are required for exploitation over the network. A public exploit has been disclosed on GitHub, elevating the practical risk above the raw score suggests - though this is not confirmed as actively exploited by CISA KEV at time of analysis.

SQLi PHP Simple And Nice Shopping Cart Script
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.4%
CVE-2026-14652 MEDIUM POC This Month

SQL injection in SourceCodester Simple and Nice Shopping Cart Script 1.0 exposes the admin login interface to remote unauthenticated attackers through unsanitized input in the Username parameter of /admin/login.php. The CVSS 4.0 score of 6.9 (Medium) reflects limited per-request impact (VC:L/VI:L/VA:L), but a publicly available proof-of-concept exploit (E:P) on GitHub substantially lowers the exploitation bar for opportunistic attackers. No KEV listing exists at time of analysis; however, the trivial attack complexity (AC:L, AT:N, PR:N, UI:N) combined with public exploit code makes any internet-facing deployment of this script an immediate remediation priority.

SQLi PHP Simple And Nice Shopping Cart Script
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.4%
CVE-2023-44061 HIGH POC This Week

File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Simple And Nice Shopping Cart Script
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-1497 CRITICAL Act Now

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Simple And Nice Shopping Cart Script
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-2957 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple And Nice Shopping Cart Script
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-2909 HIGH POC This Week

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Simple And Nice Shopping Cart Script
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-2814 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Simple and Nice Shopping Cart Script and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Simple And Nice Shopping Cart Script
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This vulnerability affects unknown code of the file /admin/userproductdeletequery.php. Performing a manipulation of the argument user_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

SQLi PHP Simple And Nice Shopping Cart Script
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in SourceCodester Simple and Nice Shopping Cart Script 1.0 allows unauthenticated remote attackers to manipulate the Username parameter on /login.php, potentially bypassing authentication or extracting database contents. A publicly available proof-of-concept exploit exists, published via a GitHub issue and documented in VulDB entry 377116. No CISA KEV listing is present, but the combination of network accessibility, no authentication requirement, and a live POC makes this a practical risk for any exposed deployment.

SQLi PHP Simple And Nice Shopping Cart Script
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in SourceCodester Simple and Nice Shopping Cart Script 1.0 enables remote, unauthenticated attackers to manipulate database queries through the user_id parameter in /admin/mensproductdeletequery.php, exposing partial confidentiality, integrity, and availability of the underlying database. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) indicates no authentication or special conditions are required for exploitation over the network. A public exploit has been disclosed on GitHub, elevating the practical risk above the raw score suggests - though this is not confirmed as actively exploited by CISA KEV at time of analysis.

SQLi PHP Simple And Nice Shopping Cart Script
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in SourceCodester Simple and Nice Shopping Cart Script 1.0 exposes the admin login interface to remote unauthenticated attackers through unsanitized input in the Username parameter of /admin/login.php. The CVSS 4.0 score of 6.9 (Medium) reflects limited per-request impact (VC:L/VI:L/VA:L), but a publicly available proof-of-concept exploit (E:P) on GitHub substantially lowers the exploitation bar for opportunistic attackers. No KEV listing exists at time of analysis; however, the trivial attack complexity (AC:L, AT:N, PR:N, UI:N) combined with public exploit code makes any internet-facing deployment of this script an immediate remediation priority.

SQLi PHP Simple And Nice Shopping Cart Script
NVD VulDB GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Simple And Nice Shopping Cart Script
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Simple And Nice Shopping Cart Script
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple And Nice Shopping Cart Script
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Simple And Nice Shopping Cart Script
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM POC This Month

A vulnerability has been found in SourceCodester Simple and Nice Shopping Cart Script and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Simple And Nice Shopping Cart Script
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy