SourceCodester E-Commerce Site SQL Injection Vulnerability (CVE-2026-4613)
A remote SQL injection vulnerability (CVE-2026-4613) exists in SourceCodester E-Commerce Site 1.0 within the /products.php file due to improper input sanitization of the 'Search' argument, potentially allowing attackers to read or modify sensitive database information.
A SQL injection vulnerability, identified as CVE-2026-4613, has been discovered in SourceCodester E-Commerce Site version 1.0. The vulnerability resides within the /products.php file and stems from the improper handling of user-supplied input to the ‘Search’ argument. This allows a remote attacker to inject arbitrary SQL commands, potentially leading to unauthorized access to sensitive data or modification of the database. Given the public availability of exploit code, exploitation of this…
Detection coverage (2 rules)
Detecting SQL Injection Attempts in E-Commerce Search
Severity: high. Detects potential SQL injection attempts targeting the /products.php search functionality by looking for common SQL injection characters and keywords.
Detecting Potential SQL Injection in Web Application Logs
Severity: medium. This rule identifies potential SQL injection attempts based on the presence of SQL keywords in web application logs.
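A minimal sketch of the kind of check the first rule describes, as an added example; it is not the platform's rule or the vendor's code. It assumes combined-format access logs and that the 'Search' argument arrives in the GET query string; the patterns, function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Heuristic indicators: quote + boolean operator, UNION ... SELECT, quote followed
# by a comment marker, stacked statements, time-delay functions.
SQLI_RE = re.compile(
    r"'\s*(or|and)\b"
    r"|\bunion\b.{0,40}\bselect\b"
    r"|'.*(--|#|/\*)"
    r"|;\s*(select|insert|update|delete|drop)\b"
    r"|\b(sleep|benchmark)\s*\(",
    re.IGNORECASE | re.DOTALL,
)
SAMPLE_LOG = [  # constructed log lines, not taken from a real system
    '203.0.113.7 - - [01/Jan/2026:10:00:00 +0000] "GET /products.php?Search=laptop+bag HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2026:10:00:05 +0000] "GET /products.php?Search=%27+OR+%271%27%3D%271 HTTP/1.1" 200 9844',
    '203.0.113.9 - - [01/Jan/2026:10:00:09 +0000] "GET /products.php?Search=x%2527%2520UNION%2520SELECT%25201 HTTP/1.1" 500 312',
    '203.0.113.4 - - [01/Jan/2026:10:00:12 +0000] "GET /about.php?Search=%27+OR+1 HTTP/1.1" 200 800',
]

def decode_fully(value, max_rounds=3):
    """Undo repeated URL encoding so a double-encoded quote (%2527) is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_search(log_line):
    """Return the decoded Search value if the request looks like SQLi, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/products.php"):
        return None  # only the endpoint named in the advisory is in scope
    # parse_qsl performs the first decoding pass ('+' becomes a space).
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() == "search":  # case-insensitive match on the parameter name
            value = decode_fully(value)
            if SQLI_RE.search(value):
                return value
    return None

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(bool(suspicious_search(line)), line.split('"')[1])
```

If the search form is submitted by POST, the parameter never reaches the access log, and the same matching would have to run on WAF or application-level request logs instead.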