A vulnerability, which was classified as critical, was found in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/my_account.php?my_wishlist. The manipulation of the argument delete_wishlist results in sql injection.
This vulnerability is reported as CVE-2026-14799. The attack can be launched remotely. Moreover, an exploit is present.