CVE-2026-14639
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk10th percentile — higher than 10% of all known CVEs
Summary
A SQL injection vulnerability has been found in CodeAstro Ecommerce Website 1.0 in the file /ecommerce-website-php/customer/my_account.php?edit_account. Manipulation of the c_name argument allows remote SQL injection. The exploit has been publicly disclosed.
Risk Assessment
An attacker can remotely steal, modify, or delete database data, potentially compromising the confidentiality and integrity of customer data and the entire application.
Recommendation
Immediately update the application to the latest version or apply a security patch to prevent SQL injection, for example by using parameterized queries.
Original NVD description (English source)
A vulnerability has been found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /ecommerce-website-php/customer/my_account.php?edit_account. Such manipulation of the argument c_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

