Primary

Context

Smartshop SQL Injection Vulnerability in Product.php

Vulnerability

A SQL injection vulnerability has been identified in Smartshop version 1.0. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter in 'product.php'. Exploitation of this vulnerability could lead to the extraction of sensitive database information, including usernames and database names.

Impact

Exploitation of this vulnerability allows for arbitrary SQL command execution, which could be used to manipulate the database or extract sensitive information.

Reproduction

To reproduce this vulnerability, send a GET request to 'product.php' with a crafted 'id' parameter that includes a union-based SQL injection payload. The injected SQL code will be executed by the application's database, allowing the attacker to extract sensitive information.

Added: May 26, 2026, 9:20 PM

Updated: May 26, 2026, 9:20 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

8.7

remediation

0.0

relevance

9.2

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

8.7

remediation

0.0

relevance

9.2

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Smartshop SQL Injection Vulnerability in Product.php

Vulnerability

Impact

Reproduction

Affected Products

Smartshop

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating