{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-4838/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["sqli","web-application","cve-2026-4838"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe SourceCodester Malawi Online Market 1.0 is vulnerable to SQL injection (CVE-2026-4838). The vulnerability resides within the \u003ccode\u003e/display.php\u003c/code\u003e file, specifically in how the application handles the \u003ccode\u003eID\u003c/code\u003e parameter. A remote attacker can manipulate this parameter to inject arbitrary SQL commands into the database query. This can potentially allow the attacker to read, modify, or delete sensitive data, or even gain control of the underlying database server. The vulnerability was published on…\u003c/p\u003e\n","date_modified":"2026-03-26T04:17:13Z","date_published":"2026-03-26T04:17:13Z","id":"/briefs/2026-03-malawi-online-market-sqli/","summary":"A remote SQL injection vulnerability (CVE-2026-4838) exists in the /display.php file of SourceCodester Malawi Online Market 1.0 due to improper input sanitization of the ID parameter, potentially allowing attackers to execute arbitrary SQL queries.","title":"SourceCodester Malawi Online Market SQL Injection Vulnerability (CVE-2026-4838)","url":"https://feed.craftedsignal.io/briefs/2026-03-malawi-online-market-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-4838","version":"https://jsonfeed.org/version/1.1"}