Description
A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/my_account.php?my_wishlist. The manipulation of the argument delete_wishlist results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
Problem types
Product status
Timeline
| 2026-07-05: | Advisory disclosed |
| 2026-07-05: | VulDB entry created |
| 2026-07-05: | VulDB entry last update |
Credits
lilukun (VulDB User)
References
vuldb.com/vuln/376393 (VDB-376393 | CodeAstro Ecommerce Website my_account.php sql injection)
vuldb.com/vuln/376393/cti (VDB-376393 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/cve/CVE-2026-14799 (CVE-2026-14799 | CVE Analysis and Report)
vuldb.com/submit/850850 (Submit #850850 | codeastro Ecommerce Website V1.0 SQL Injection)
github.com/lilukun337/cve/issues/8
codeastro.com/