CVE-2026-8128

HIGH CVSS 7.3 View on NVD ↗

Description

A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of the argument msgid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References

https://github.com/redshadowword-cell/CVE/issues/9
https://vuldb.com/submit/808772
https://vuldb.com/vuln/361918
https://vuldb.com/vuln/361918/cti
https://www.sourcecodester.com/

Published: May 08, 2026 03:16 UTC Modified: May 08, 2026 15:41 UTC