CVE-2026-14652
SourceCodester Simple and Nice Shopping Cart Script Admin Login login.php sql injection
Vexday Risk Score
30Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 6.9EPSS —KEV nãoPoC públicaNuclei —Metasploit —Patch —
Ciclo de vida
04 jul 2026Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Productos afectados
SourceCodester · Simple and Nice Shopping Cart ScriptPoCs públicas encontradas — 1
cve_referencegithub.com/Yuesswor/cve/issues/2no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.