Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Sun, 05 Jul 2026 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoice_no results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. | |
| Title | CodeAstro Ecommerce Website POST Parameter confirm.php sql injection | |
| First Time appeared |
Codeastro
Codeastro ecommerce Website |
|
| Weaknesses | CWE-74 CWE-89 |
|
| CPEs | cpe:2.3:a:codeastro:ecommerce_website:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Codeastro
Codeastro ecommerce Website |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-05T19:45:07.150Z
Reserved: 2026-07-05T03:57:33.939Z
Link: CVE-2026-14767
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-05T21:30:05Z