SourceCodester SUP Online Shopping SQLi: CVE-2026-8130 Exposed

/HIGH /CVSS 7.3/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitysql-injectioncwe-74cwe-89
SourceCodester SUP Online Shopping SQLi: CVE-2026-8130 Exposed

The National Vulnerability Database has disclosed CVE-2026-8130, a high-severity SQL Injection vulnerability affecting SourceCodester SUP Online Shopping 1.0. This flaw resides in the /admin/message.php file, specifically through the manipulation of the seenid argument. The vulnerability, which is remotely exploitable, carries a CVSSv3.1 score of 7.3 (HIGH).

Attackers can leverage this vulnerability without authentication, making it a critical concern for organizations running affected instances. The National Vulnerability Database notes that an exploit is publicly available, significantly increasing the likelihood of active exploitation in the wild. This isn’t theoretical; it’s a direct path for data exfiltration and potential system compromise.

This SQLi vulnerability falls under CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) and CWE-89 (Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)). Defenders must prioritize patching or isolating any deployments of SourceCodester SUP Online Shopping 1.0 immediately to prevent unauthorized access and data breaches.

What This Means For You

  • If your organization uses SourceCodester SUP Online Shopping 1.0, you are directly exposed to CVE-2026-8130. This is a remotely exploitable SQL Injection with public exploits available. You need to identify all instances of this software, take them offline, or apply any available patches immediately. Audit logs for suspicious activity, especially around the `/admin/message.php` endpoint.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1505.003 Server Software Component Initial Access T1189 Drive-by Compromise Initial Access

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

CVE-2026-8130 SourceCodester SUP Online Shopping SQLi via message.php

Sigma YAML — free preview 
title: CVE-2026-8130 SourceCodester SUP Online Shopping SQLi via message.php
id: scw-2026-05-08-ai-1
status: experimental
level: critical
description: |
  Detects attempts to exploit CVE-2026-8130 in SourceCodester SUP Online Shopping 1.0. The rule specifically looks for requests to '/admin/message.php' containing the 'seenid' parameter with SQL injection payloads like 'UNION SELECT' and '@@version', indicating an attempt to exploit the SQL injection vulnerability.
author: SCW Feed Engine (AI-generated)
date: 2026-05-08
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-8130/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: webserver
detection:
  selection:
      cs-uri|contains:
          - '/admin/message.php'
      cs-uri-query|contains:
          - 'seenid='
      cs-uri-query|contains:
          - 'UNION SELECT'
      cs-uri-query|contains:
          - '@@version'
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-8130 SQLi SourceCodester SUP Online Shopping 1.0
CVE-2026-8130 SQLi Vulnerable file: /admin/message.php
CVE-2026-8130 SQLi Vulnerable parameter: seenid

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 08, 2026 at 07:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-6667 — PgBouncer before 1.25.2 did not perform an appropriate

CVE-2026-6667 — PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console...

vulnerabilityCVEmedium-severitycwe-862
/SCW Vulnerability Desk /MEDIUM /4.3 /⚑ 2 IOCs /⚙ 2 Sigma

CVE-2026-6666 — A possible null pointer reference in PgBouncer before

CVE-2026-6666 — A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE...

vulnerabilityCVEmedium-severitycwe-476
/SCW Vulnerability Desk /MEDIUM /5.9 /⚑ 2 IOCs /⚙ 1 Sigma

PgBouncer SCRAM Vulnerability (CVE-2026-6665) Allows Stack Overflow

CVE-2026-6665 — The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM...

vulnerabilityCVEhigh-severitycwe-121
/SCW Vulnerability Desk /HIGH /8.1 /⚑ 4 IOCs /⚙ 2 Sigma