CVE-2024-4826

CRITICAL

Simple PHP Shopping Cart <0.9 - SQL Injection

Title source: llm
STIX 2.1

Description

SQL injection vulnerability in Simple PHP Shopping Cart affecting version 0.9. This vulnerability could allow an attacker to retrieve all the information stored in the database by sending a specially crafted SQL query, due to the lack of proper sanitisation of the category_id parameter in the category.php file.

Scores

CVSS v3 9.8
EPSS 0.0041
EPSS Percentile 32.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
Asaancart/Simple PHP Shopping Cart 0.9
Published May 16, 2024
Tracked Since Feb 18, 2026