
SourceCodester E-Commerce Site 1.0 Can Be Tricked into Revealing Sensitive Data

CVE-2026-4613
Summary

A SQL injection vulnerability in SourceCodester E-Commerce Site 1.0 could allow a remote attacker to see sensitive information they shouldn't have access to. The software doesn't properly check user input: manipulating the Search argument of /products.php changes the SQL query the application runs. To stay safe, update the software to the latest version if possible, and make sure to only use this system with trusted users.

Original title
A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection....
Original description
A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
NVD CVSS 2.0: 7.5
NVD CVSS 3.1: 7.3
NVD CVSS 4.0: 6.9
Vulnerability type
CWE-74 Injection
CWE-89 SQL Injection
Published: 24 Mar 2026 · Updated: 24 Mar 2026 · First seen: 24 Mar 2026