{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4613", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-23T05:47:45.539Z", "datePublished": "2026-03-23T23:04:00.923Z", "dateUpdated": "2026-03-24T15:12:55.726Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-23T23:04:00.923Z"}, "title": "SourceCodester E-Commerce Site products.php sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "SQL Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "SourceCodester", "product": "E-Commerce Site", "versions": [{"version": "1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-23T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-23T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-23T06:52:49.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "WeQi (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.352477", "name": "VDB-352477 | SourceCodester E-Commerce Site products.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.352477", "name": "VDB-352477 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.775689", "name": "Submit #775689 | sourcecodester e-Commerce Site Using PHP/MySQL V1.0 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/WHOAMI-xiaoyu/CVE/blob/main/CVE_4.md", "tags": ["exploit"]}, {"url": "https://www.sourcecodester.com/", "tags": ["product"]}], "tags": ["x_freeware"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T14:16:04.474820Z", "id": "CVE-2026-4613", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T15:12:55.726Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4613", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T14:16:04.474820Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:16:08.350Z"}}], "cna": {"tags": ["x_freeware"], "title": "SourceCodester E-Commerce Site products.php sql injection", "credits": [{"lang": "en", "type": "reporter", "value": "WeQi (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "SourceCodester", "product": "E-Commerce Site", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2026-03-23T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-23T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-23T06:52:49.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.352477", "name": "VDB-352477 | SourceCodester E-Commerce Site products.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.352477", "name": "VDB-352477 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.775689", "name": "Submit #775689 | sourcecodester e-Commerce Site Using PHP/MySQL V1.0 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/WHOAMI-xiaoyu/CVE/blob/main/CVE_4.md", "tags": ["exploit"]}, {"url": "https://www.sourcecodester.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "SQL Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-23T23:04:00.923Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4613", "state": "PUBLISHED", "dateUpdated": "2026-03-24T15:12:55.726Z", "dateReserved": "2026-03-23T05:47:45.539Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-23T23:04:00.923Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester E-Commerce Site 1.0. Esta vulnerabilidad afecta c\u00f3digo desconocido del archivo /products.PHP. La manipulaci\u00f3n del argumento Search resulta en inyecci\u00f3n SQL. El ataque puede ser ejecutado remotamente. El exploit se ha hecho p\u00fablico y podr\u00eda ser usado."}], "id": "CVE-2026-4613", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-24T00:16:31.587", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/WHOAMI-xiaoyu/CVE/blob/main/CVE_4.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.352477"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.352477"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.775689"}, {"source": "cna@vuldb.com", "url": "https://www.sourcecodester.com/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 92.0, "confidence_source": "matching", "scores": [{"score": 92.0, "source": "matching"}]}, "original": {"product": "E-Commerce Site", "source": "cna", "vendor": "SourceCodester"}, "product": "ecommerce_system", "vendor": "sourcecodester"}], "analysis": {"en": {"generated_at": "2026-03-24T03:55:32.813359+00:00", "value": {"mitigation_remediation": ["Check for and apply any SourceCodester E-Commerce Site 1.0 security patches or updates.", "If no patch is available, update the application to the latest supported version from the vendor.", "Ensure that the Search parameter in products.php is validated and sanitized, preferably using parameterized queries.", "Implement web application firewall rules to detect and block suspicious SQL injection attempts against products.php.", "Monitor web server and database logs for unusual query patterns or authentication failures."], "summary": {"action": "Assess Impact", "impact": "Remote SQL Injection"}, "threat_synthesis": {"affected_systems": "Systems affected are installations of SourceCodester E-Commerce Site version 1.0 running the products.php module. The vulnerability is located in unknown or undocumented code that processes the Search argument. Administrators of web applications built on this platform should verify that the specific file is present and check whether the version has been patched by the vendor.", "description_and_impact": "A vulnerability exists in the SourceCodester E-Commerce Site 1.0 within the products.php script. Malicious actors can supply an arbitrary search query through the Search parameter, which is inserted directly into a SQL statement without proper sanitization. This flaw can lead to remote SQL injection, allowing attackers to extract, modify, or delete data stored in the underlying database. The weakness corresponds to CWE-74 and CWE-89 vulnerabilities.", "risk_and_exploitability": "The CVSS score of 6.9 indicates moderate severity. No EPSS score is available, and the vulnerability is not listed in the KEV catalog, but an exploit is publicly documented. The attack can be conducted remotely by issuing HTTP requests to products.php with a crafted Search value. Operators should therefore treat this flaw as a realistic threat until a vendor patch becomes available."}}}}, "created": "2026-03-24T10:30:01.218130+00:00", "updated": "2026-03-25T20:36:08.937645+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$ecommerce_system"]}