CVE-2024-58316

High CVSS: 8.7

Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database information by manipulating the user ID parameter.

Vendor

Puneethreddyhc

Product

Online Shopping System Advanced

CWE

CWE-89

Yayın Tarihi

2025-12-12 21:15:51

Güncelleme

2025-12-19 15:27:57

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-89 Online Shopping System Advanced HIGH Puneethreddyhc 2025

Referanslar

https://github.com/PuneethReddyHC/online-shopping-system-advanced https://www.exploit-db.com/exploits/51811 https://www.vulncheck.com/advisories/online-shopping-system-advanced-sql-injection-via-payment-success-parameter

Benzer Kayıtlar

Critical

CVE-2025-65354

Improper input handling in /Grocery/search_products_itname.php inPuneethReddyHC event-management 1.0 permits SQL injecti…

Medium

CVE-2025-56243

A Cross-Site Scripting (XSS) vulnerability was found in the register.php page of PuneethReddyHC Event Management System…

High

CVE-2025-51970

A SQL Injection vulnerability exists in the action.php endpoint of PuneethReddyHC Online Shopping System Advanced 1.0 du…