Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
CVE-2018-25342: Smartshop 1 allows attackers to steal sensitive data
CVE-2018-25342
Summary
Smartshop 1 has a security flaw that lets attackers access sensitive information without a password. This means they can potentially steal product details and other system data. To protect your data, update to a secure version of Smartshop 1 or consider switching to a different e-commerce platform.
Original title
Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in se...
Original description
Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP commands to extract sensitive database information including product details and system data.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 23 May 2026 · Updated: 30 May 2026 · First seen: 26 May 2026