CVE-2026-2865 MEDIUM

CVE-2026-2865: itsourcecode Agri-Trading Online Shopping System HTTP POST Request productcontroller.php sql injection

Vendor Itsourcecode

Product Agri-Trading Online Shopping System

Weakness CWE-89 · SQLi

Published February 21, 2026

Last update February 23, 2026

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in itsourcecode Agri-Trading Online Shopping System 1.0. This impacts an unknown function of the file admin/productcontroller.php of the component HTTP POST Request Handler. Performing a manipulation of the argument Product results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.

Key dates

02Disclosure timeline

February 21, 2026 CVE published

February 23, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-2865

Related vulnerabilities

04Related CVE

CVE-2025-69180 WordPress Ultra Portfolio plugin <= 6.7 - SQL Injection vulnerability CVE-2022-47428 WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.7 is vulnerable to SQL Injection CVE-2025-10740 URL Shortener Plugin For WordPress <= 3.0.7 - Missing Authorization to Authenticated (Subscriber+) Link Manipulation CVE-2024-12492 code-projects Farmacia visualizar-usuario.php sql injection CVE-2026-2134 PHPGurukul Hospital Management System manage-doctors.php sql injection