CVE-2026-37149 - CERT CVE
ID CVE-2026-37149
Sažetak GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0 was discovered to contain a SQL injection vulnerability in the scost parameter in /grocery/search_products.php. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement.
Reference
CVSS
Base: 7.7
Impact: 5.2
Exploitability:2.5
Pristup
VektorSloženostAutentikacija
LOCAL LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
HIGH HIGH NONE
CVSS vektor CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Zadnje važnije ažuriranje 26-06-2026 - 15:16
Objavljeno 25-06-2026 - 20:17