CVE-2026-37149
HighCVSS 7.7Exploitation Probability (EPSS)
Low risk16th percentile — higher than 16% of all known CVEs
Summary
A SQL injection vulnerability was discovered in the scost parameter in /grocery/search_products.php of GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0. This allows attackers to access sensitive database information via a crafted SQL statement.
Risk Assessment
An attacker can read, modify, or delete database data, leading to a breach of confidentiality and integrity of the organization's information.
Recommendation
Immediately update the system to the latest version or implement parameterized queries in search_products.php to prevent SQL injection.
Original NVD description (English source)
GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0 was discovered to contain a SQL injection vulnerability in the scost parameter in /grocery/search_products.php. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement.

