CVE-2026-3758
CRITICAL WAF: High
CVSS 9.8
Published: 2026-03-08
CWE-89
A weakness has been identified in projectworlds Online Art Gallery Shop 1.0. Affected by this issue is some unknown functionality of the file /admin/adminHome.php. This manipulation of the argument Info causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
WAF Coverage Analysis
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| projectworlds | online_art_gallery_shop | 1.0 |
References
- github.com (Exploit, Issue Tracking)
- vuldb.com (Permissions Required, VDB Entry)
- vuldb.com (Third Party Advisory, VDB Entry)
- vuldb.com (Third Party Advisory, VDB Entry)
- vuldb.com (Third Party Advisory, VDB Entry)