CVE Catalog

CVE-2026-14653

High · CVSS 7.3

Summary

A SQL injection vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0 in the file /admin/mensproductdeletequery.php. An attacker can remotely manipulate the user_id argument, leading to SQL injection. The exploit has been publicly disclosed.

Risk Assessment

The organization is at risk of unauthorized database access, customer data leakage, and potential system takeover.

Recommendation

Immediately update the script to the latest version or apply a patch to prevent SQL injection. In the meantime, restrict access to the admin panel.

Original NVD description (English source)

A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /admin/mensproductdeletequery.php. This manipulation of the argument user_id causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS