Tag
A remote, unauthenticated SQL injection vulnerability (CVE-2026-14654) in SourceCodester Simple and Nice Shopping Cart Script 1.0 allows attackers to manipulate the `user_id` argument via `/admin/girlsproductdeletequery.php`, leading to database compromise, data exfiltration, or unauthorized access, with an exploit publicly available.