GHSA-pj25-44r7-9g5gLowCVSS 6.3
A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown...
🔗 CVE IDs covered (1)
📋 Description
A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoice_no results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
🔗 References (8)
- https://nvd.nist.gov/vuln/detail/CVE-2026-14767
- https://codeastro.com
- https://gist.github.com/menelausx/2222914494e28e7d70f9a35af8fae824
- https://vuldb.com/cve/CVE-2026-14767
- https://vuldb.com/submit/850623
- https://vuldb.com/vuln/376357
- https://vuldb.com/vuln/376357/cti
- https://github.com/advisories/GHSA-pj25-44r7-9g5g