Description
A flaw has been found in CodeAstro Ingredients Stock Management System 1.0. This vulnerability affects unknown code of the file /Ingredients-Stock/stock_manager.php. This manipulation of the argument txt_search_category causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
Published: 2026-06-01
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic SQL injection flaw in the txt_search_category parameter of stock_manager.php. The flaw allows an attacker to manipulate the input to inject arbitrary SQL statements, potentially reading, modifying, or deleting inventory data. The weakness is classified as CWE-74 (SQL Injection) and CWE-89 (Improper Neutralization of Special Elements in an SQL Command).

Affected Systems

CodeAstro’s Ingredients Stock Management System, version 1.0. The flaw resides in the application’s stock_manager.php file; no other affected components are listed.

Risk and Exploitability

The CVSS score of 5.3 indicates medium severity. The EPSS score is not available, and the issue is not listed in the CISA KEV catalog. The description states that the attack can be initiated remotely and that an exploit has been published, implying that the vulnerability is actionable and available for exploitation by threat actors with remote access capabilities.

Generated by OpenCVE AI on June 1, 2026 at 08:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑issued patch or update when it becomes available
  • Restrict network access to stock_manager.php either by firewall rules or internal network segmentation
  • Implement input validation and use prepared statements or parameterised queries to eliminate injection vectors

Generated by OpenCVE AI on June 1, 2026 at 08:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 07:30:00 +0000

Type Values Removed Values Added
Description A flaw has been found in CodeAstro Ingredients Stock Management System 1.0. This vulnerability affects unknown code of the file /Ingredients-Stock/stock_manager.php. This manipulation of the argument txt_search_category causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
Title CodeAstro Ingredients Stock Management System stock_manager.php sql injection
First Time appeared Codeastro
Codeastro ingredients Stock Management System
Weaknesses CWE-74
CWE-89
CPEs cpe:2.3:a:codeastro:ingredients_stock_management_system:*:*:*:*:*:*:*:*
Vendors & Products Codeastro
Codeastro ingredients Stock Management System
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Codeastro Ingredients Stock Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-01T07:15:08.561Z

Reserved: 2026-05-31T08:21:34.356Z

Link: CVE-2026-10235

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-01T08:16:20.107

Modified: 2026-06-01T08:16:20.107

Link: CVE-2026-10235

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T09:00:11Z

Weaknesses