← back
CVE-2026-37149

CVE-2026-37149

CVSS 7.7 HIGHEPSS 0.2%CWE-89
Vexday Risk Score
41Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Popular PoC on GitHub (2 stars) — exploitation code widely available.
CVSS 7.7EPSS 0.2%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
20 Jun 2026Public PoC
25 Jun 2026Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0 was discovered to contain a SQL injection vulnerability in the scost parameter in /grocery/search_products.php. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.