CVE-2026-14767

Severity CVSS v4.0:
LOW
Type:
CWE-74 Injection
Publication date:
05/07/2026
Last modified:
05/07/2026

Description

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoice_no results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.