CVE-2026-37149

HIGH

GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0 - SQL Injection via scost Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-37149. PoCs published by pateldhyeyit.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2026-37149, a SQL Injection vulnerability in GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0. It includes proof-of-concept payloads, technical details, and mitigation recommendations.

Description

GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0 was discovered to contain a SQL injection vulnerability in the scost parameter in /grocery/search_products.php. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement.

Exploits (1)

nomisec WRITEUP 2 stars
by pateldhyeyit · poc
https://github.com/pateldhyeyit/CVE-2026-37149

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0
Authentication: No auth needed
Prerequisites: Access to the vulnerable endpoint /grocery/search_products.php
Analysis: mistral-large-3 · analyzed Jun 26, 2026

Scores

CVSS v3: 7.7
EPSS: 0.0022
EPSS Percentile: 11.9%
Attack Vector: LOCAL
Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Source: Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-89
Status: published
Published: Jun 25, 2026
Tracked Since: Jun 26, 2026