CVE Catalog

CVE-2026-37149

HighCVSS 7.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

A SQL injection vulnerability was discovered in the scost parameter in /grocery/search_products.php of GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0. This allows attackers to access sensitive database information via a crafted SQL statement.

Risk Assessment

An attacker can read, modify, or delete database data, leading to a breach of confidentiality and integrity of the organization's information.

Recommendation

Immediately update the system to the latest version or implement parameterized queries in search_products.php to prevent SQL injection.

Original NVD description (English source)

GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0 was discovered to contain a SQL injection vulnerability in the scost parameter in /grocery/search_products.php. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS