SQL Injection in Brainstormforce Surecart
CVE-2026-9065
SureCart versions prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters ('model_name', 'model_id', 'integration_id', 'provider') on the REST API endpoint '/surecart/v1/integrations/{id}'. The root cause is a…
Vulnerability class: SQL Injection
EPSS: 0.000 (11.2th percentile)
Affected products
- Brainstormforce Surecart — versions O