CVE-2026-8131: SourceCodester SUP Online Shopping SQL Injection

/HIGH /CVSS 7.3/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitysql-injectioncwe-74cwe-89
CVE-2026-8131: SourceCodester SUP Online Shopping SQL Injection

The National Vulnerability Database has disclosed CVE-2026-8131, a high-severity SQL injection vulnerability in SourceCodester SUP Online Shopping 1.0. This flaw, rated 7.3 CVSSv3.1, allows remote attackers to execute SQL injection attacks without authentication by manipulating the msgid argument within the /admin/replymsg.php file.

This is a critical vulnerability for any organization running this specific e-commerce platform. The public availability of an exploit significantly increases the risk, as it lowers the barrier for entry for threat actors. Attackers can leverage this to exfiltrate sensitive data, manipulate database content, or potentially gain further access to the underlying system.

SQL injection remains a primary vector for data breaches. Defenders must prioritize patching or isolating any instances of SourceCodester SUP Online Shopping 1.0 immediately. The ease of exploitation and the potential for full data compromise make this a prime target for opportunistic attackers.

What This Means For You

  • If your organization uses SourceCodester SUP Online Shopping 1.0, you are directly exposed to CVE-2026-8131. Immediately identify and patch all instances, or take them offline. Audit your systems for any signs of compromise if patching isn't instantaneous, as public exploits mean active targeting is highly probable.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1505.003 Server Software Component Initial Access T1189 Drive-by Compromise Initial Access

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

CVE-2026-8131: SourceCodester SUP Online Shopping SQL Injection via replymsg.php

Sigma YAML — free preview 
title: CVE-2026-8131: SourceCodester SUP Online Shopping SQL Injection via replymsg.php
id: scw-2026-05-08-ai-1
status: experimental
level: critical
description: |
  Detects SQL injection attempts targeting the SourceCodester SUP Online Shopping 1.0 application via the /admin/replymsg.php file. The attack manipulates the 'msgid' parameter, often including keywords like 'UNION', 'SELECT', and 'FROM' to extract data. This is the primary indicator for the CVE-2026-8131 vulnerability.
author: SCW Feed Engine (AI-generated)
date: 2026-05-08
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-8131/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: webserver
detection:
  selection:
      cs-uri|contains:
          - '/admin/replymsg.php'
      cs-uri-query|contains:
          - 'msgid='
      cs-uri-query|contains:
          - 'UNION'
      cs-uri-query|contains:
          - 'SELECT'
      cs-uri-query|contains:
          - 'FROM'
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-8131 SQLi SourceCodester SUP Online Shopping 1.0
CVE-2026-8131 SQLi Vulnerable file: /admin/replymsg.php
CVE-2026-8131 SQLi Vulnerable parameter: msgid

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 08, 2026 at 07:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

Tenda CX12L Stack Buffer Overflow (CVE-2026-8138) Risks Remote Exploitation

CVE-2026-8138 — A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg”. The manipulation results in stack-based...

vulnerabilityCVEhigh-severitybuffer-overflowcwe-119cwe-121
/SCW Vulnerability Desk /HIGH /8.8 /⚑ 4 IOCs /⚙ 2 Sigma

Totolink X5000R Buffer Overflow (CVE-2026-8137) Exposed

CVE-2026-8137 — A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation of the...

vulnerabilityCVEhigh-severitybuffer-overflowcwe-119cwe-120
/SCW Vulnerability Desk /HIGH /8.8 /⚑ 3 IOCs /⚙ 2 Sigma

CVE-2026-42279 — solidtime is an open-source time-tracking app. In version

CVE-2026-42279 — solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/{organization}/time-entries/{timeEntry} API accepts a route-bound timeEntry from another organization when the caller...

vulnerabilityCVEmedium-severitycwe-639
/SCW Vulnerability Desk /MEDIUM /5.8 /⚑ 2 IOCs /⚙ 2 Sigma