Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-14767

MEDIUM NVD
CVSS Score 6.3
Severity MEDIUM
Published Jul 05, 2026
Vendor unknown

Description

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoice_no results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

References