SourceCodester Malawi Online Market SQL Injection Vulnerability (CVE-2026-4838)
A remote SQL injection vulnerability (CVE-2026-4838) exists in the /display.php file of SourceCodester Malawi Online Market 1.0 due to improper input sanitization of the ID parameter, potentially allowing attackers to execute arbitrary SQL queries.
SourceCodester Malawi Online Market 1.0 is vulnerable to SQL injection (CVE-2026-4838). The vulnerability resides in the /display.php file, specifically in how the application handles the ID parameter. A remote attacker can manipulate this parameter to inject arbitrary SQL commands into the database query. This can potentially allow the attacker to read, modify, or delete sensitive data, or even gain control of the underlying database server. The vulnerability was published on…
Detection coverage 2
Detect Suspicious URI Access to display.php with SQL Injection Attempts
high: Detects potential SQL injection attempts by monitoring URI access to the /display.php endpoint with suspicious SQL-related keywords.
Detect SQL Injection Error Messages
medium: Detects SQL injection attempts by looking for common error messages in web server logs that often occur during failed SQL injection attempts.
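An offline sketch of the first rule above, as an added example (not the platform's rule, which this page does not show): it scans access-log lines for /display.php requests whose ID value contains SQL metacharacters or keywords, decoding twice so double-encoded values are not missed. The combined log format, the token list, the case-insensitive match on the parameter name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<uri>\S+) HTTP/[\d.]+"')

# Assumed token list: quotes, comment markers and SQL keywords that a
# numeric ID value should never contain.
SQLI_RE = re.compile(
    r"""['";]|--|/\*|\b(?:union|select|sleep|benchmark|or|and)\b""",
    re.IGNORECASE,
)

def suspicious_id(line):
    """Return the decoded ID value if the line is a flagged hit, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("uri"))
    if not parts.path.lower().endswith("/display.php"):
        return None
    # parse_qsl percent-decodes once; decode again to catch double encoding.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = unquote_plus(value)
        if name.lower() == "id" and SQLI_RE.search(decoded):
            return decoded
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        value = suspicious_id(line)
        if value is not None:
            hits.append((n, value))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2026:10:00:00 +0000] "GET /display.php?id=12 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2026:10:00:05 +0000] "GET /display.php?id=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 0',
    '198.51.100.4 - - [01/Jan/2026:10:00:09 +0000] "GET /display.php?ID=5%2520UNION%2520SELECT%25201 HTTP/1.1" 200 498',
    '198.51.100.4 - - [01/Jan/2026:10:00:12 +0000] "GET /index.php?id=1%27 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: suspicious id value {value!r}")
```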