CVE-2026-3758

HIGH

Online Art Gallery Shop 1.0 - SQL Injection

Title source: llm

Description

A weakness has been identified in projectworlds Online Art Gallery Shop 1.0. Affected by this issue is some unknown functionality of the file /admin/adminHome.php. This manipulation of the argument Info causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

References (5)

[Issue Tracking] https://github.com/hmKunlun/projectworldcve/issues/2

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.349736

[Permissions Required, VDB Entry] https://vuldb.com/?id.349736

[Permissions Required, VDB Entry] https://vuldb.com/?submit.768058

[Permissions Required, VDB Entry] https://vuldb.com/?submit.768958

Scores

CVSS v3 7.3

EPSS 0.0003

EPSS Percentile 8.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-89 CWE-74

Status published

Affected Products (1)

projectworlds/online_art_gallery_shop

Timeline

Published Mar 08, 2026

Tracked Since Mar 09, 2026