Description
Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract sensitive database information including usernames and other data.
Published: 2026-05-23
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Smartshop 1 contains an input-bypass vulnerability that allows an unauthenticated attacker to execute arbitrary SQL statements by injecting payloads into the id parameter of category.php. The flaw is a classic UNION-based parameter injection (CWE-89) that can read sensitive data, such as usernames, passwords, and other confidential database content. It grants the attacker the ability to obtain and exfiltrate database information without requiring any prior authentication.

Affected Systems

The vulnerability affects the Smartshop 1 e‑commerce platform supplied by Behance. No specific application version or patch level is listed; any deployment that includes the unpatched category.php endpoint is potentially exploitable.

Risk and Exploitability

The CVSS score of 8.8 indicates a high‑severity flaw with a wide impact scope. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Attackers can reach the vulnerable endpoint via standard HTTP GET requests to category.php, making exploitation straightforward over the public web. Because no authentication is required, the attacker can immediately query the database to extract sensitive information.

Generated by OpenCVE AI on May 23, 2026 at 19:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Smartshop 1 to the latest patch or version that removes the vulnerable code.
  • Modify the application to use prepared statements or proper input validation for the id parameter, ensuring that no raw SQL is constructed from user input.
  • Deploy a web application firewall or an access control rule that limits or blocks public access to category.php from untrusted IPs.
  • As a temporary workaround, disable or protect the category.php endpoint until a patch can be applied or code changes are made.

Generated by OpenCVE AI on May 23, 2026 at 19:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 25 May 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Behance
Behance smartshop
Vendors & Products Behance
Behance smartshop

Sat, 23 May 2026 18:45:00 +0000

Type Values Removed Values Added
Description Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract sensitive database information including usernames and other data.
Title Smartshop 1 SQL Injection via category.php
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Behance Smartshop
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-26T14:04:11.717Z

Reserved: 2026-05-23T14:41:21.822Z

Link: CVE-2018-25340

cve-icon Vulnrichment

Updated: 2026-05-26T14:04:02.716Z

cve-icon NVD

Status : Deferred

Published: 2026-05-23T19:16:53.733

Modified: 2026-05-26T19:47:48.987

Link: CVE-2018-25340

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-25T11:33:35Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')