Description
Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract sensitive database information including usernames and other data.
Published: 2026-05-23
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Smartshop 1 contains an input-bypass vulnerability that allows an unauthenticated attacker to execute arbitrary SQL statements by injecting payloads into the id parameter of category.php. The flaw is a classic UNION-based parameter injection (CWE-89) that can read sensitive data, such as usernames, passwords, and other confidential database content. It grants the attacker the ability to obtain and exfiltrate database information without requiring any prior authentication.

Affected Systems

The vulnerability affects the Smartshop 1 e‑commerce platform supplied by Behance. No specific application version or patch level is listed; any deployment that includes the unpatched category.php endpoint is potentially exploitable.

Risk and Exploitability

The CVSS score of 8.8 indicates a high‑severity flaw with a wide impact scope. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Attackers can reach the vulnerable endpoint via standard HTTP GET requests to category.php, making exploitation straightforward over the public web. Because no authentication is required, the attacker can immediately query the database to extract sensitive information.

Generated by OpenCVE AI on May 23, 2026 at 19:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Smartshop 1 to the latest patch or version that removes the vulnerable code.
  • Modify the application to use prepared statements or proper input validation for the id parameter, ensuring that no raw SQL is constructed from user input.
  • Deploy a web application firewall or an access control rule that limits or blocks public access to category.php from untrusted IPs.
  • As a temporary workaround, disable or protect the category.php endpoint until a patch can be applied or code changes are made.

Generated by OpenCVE AI on May 23, 2026 at 19:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 23 May 2026 18:45:00 +0000

Type Values Removed Values Added
Description Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract sensitive database information including usernames and other data.
Title Smartshop 1 SQL Injection via category.php
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-23T18:30:43.107Z

Reserved: 2026-05-23T14:41:21.822Z

Link: CVE-2018-25340

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-23T20:00:11Z

Weaknesses