PT-2026-21868 · Sourcecodester · Simple/Nice Shopping Cart Script
Xiaosun
·
Published
2026-02-25
·
Updated
2026-03-02
·
CVE-2026-3148
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SourceCodester Simple and Nice Shopping Cart Script version 1.0
Description
A SQL injection issue exists in SourceCodester Simple and Nice Shopping Cart Script 1.0. The issue is located in an unknown function within the
/signup.php file. Manipulating the Username argument can trigger the SQL injection. The attack can be initiated remotely, and the exploit has been publicly disclosed.Recommendations
Apply any available updates or patches for version 1.0.
As a temporary workaround, sanitize the
Username input to prevent SQL injection.
Restrict access to the /signup.php file if possible.Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Simple/Nice Shopping Cart Script