CVE-2026-8129: SQL Injection in SourceCodester SUP Online Shopping
A vulnerability was determined in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file wishlist.php. Executing a manipulation of the argument delwlistid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
AI Analysis
Technical Summary
SourceCodester SUP Online Shopping 1.0 contains an SQL injection vulnerability in the wishlist.php file. Specifically, the delwlistid parameter can be manipulated by an unauthenticated remote attacker to inject SQL commands. This vulnerability has a CVSS 4.0 base score of 6.9, indicating medium severity. The vulnerability is publicly known but no official fix or patch has been published by the vendor. The vulnerability allows attackers to interfere with the application's database queries, potentially leading to unauthorized data access or modification.
Potential Impact
Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to perform SQL injection attacks against the application's database. This may result in unauthorized access to or modification of database information. The CVSS vector indicates low to limited impact on confidentiality, integrity, and availability, consistent with a medium severity rating. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or patch is currently available, users of SourceCodester SUP Online Shopping 1.0 should monitor vendor communications for updates. In the meantime, restricting access to the affected functionality or implementing web application firewall (WAF) rules to detect and block SQL injection attempts may help mitigate risk.
CVE-2026-8129: SQL Injection in SourceCodester SUP Online Shopping
Description
A vulnerability was determined in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file wishlist.php. Executing a manipulation of the argument delwlistid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
SourceCodester SUP Online Shopping 1.0 contains an SQL injection vulnerability in the wishlist.php file. Specifically, the delwlistid parameter can be manipulated by an unauthenticated remote attacker to inject SQL commands. This vulnerability has a CVSS 4.0 base score of 6.9, indicating medium severity. The vulnerability is publicly known but no official fix or patch has been published by the vendor. The vulnerability allows attackers to interfere with the application's database queries, potentially leading to unauthorized data access or modification.
Potential Impact
Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to perform SQL injection attacks against the application's database. This may result in unauthorized access to or modification of database information. The CVSS vector indicates low to limited impact on confidentiality, integrity, and availability, consistent with a medium severity rating. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or patch is currently available, users of SourceCodester SUP Online Shopping 1.0 should monitor vendor communications for updates. In the meantime, restricting access to the affected functionality or implementing web application firewall (WAF) rules to detect and block SQL injection attempts may help mitigate risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-07T17:25:55.867Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69fd5dc1cbff5d86108b64a3
Added to database: 5/8/2026, 3:51:29 AM
Last enriched: 5/8/2026, 4:07:34 AM
Last updated: 5/9/2026, 3:47:08 AM
Views: 10
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.