Product
CVE-2026-14654: Remote SQL Injection in SourceCodester Simple and Nice Shopping Cart Script
1 rule 1 TTP 1 CVE 7 IOCsA remote, unauthenticated SQL injection vulnerability (CVE-2026-14654) in SourceCodester Simple and Nice Shopping Cart Script 1.0 allows attackers to manipulate the `user_id` argument via `/admin/girlsproductdeletequery.php`, leading to database compromise, data exfiltration, or unauthorized access, with an exploit publicly available.
CVE-2026-14652: SQL Injection in SourceCodester Simple and Nice Shopping Cart Script
1 rule 1 TTP 1 CVEA critical SQL injection vulnerability (CVE-2026-14652) exists in the Admin Login component of SourceCodester Simple and Nice Shopping Cart Script version 1.0, allowing an unauthenticated attacker to remotely exploit it by manipulating the 'Username' argument in the /admin/login.php file, potentially leading to unauthorized access, information disclosure, or data manipulation, with a public exploit available.