CVE-2025-51970

High CVSS: 7.7

A SQL Injection vulnerability exists in the action.php endpoint of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter.

Vendor

Puneethreddyhc

Product

Online Shopping System Advanced

CWE

CWE-89

Yayın Tarihi

2025-07-29 15:15:35

Güncelleme

2025-11-13 15:08:56

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Online Shopping System Advanced HIGH Puneethreddyhc 2025

Referanslar

https://gist.github.com/im4x/10738ee219d69024387737fb14cdba9f https://github.com/jairajparyani/CVE-s/blob/main/CVE-2025-51970%20%E2%80%93%20SQL%20Injection%20Vulnerability%20in%20Online%20Shopping%20System%20Advanced

Benzer Kayıtlar

Critical

CVE-2025-65354

Improper input handling in /Grocery/search_products_itname.php inPuneethReddyHC event-management 1.0 permits SQL injecti…

High

CVE-2024-58316

Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows…

Medium

CVE-2025-56243

A Cross-Site Scripting (XSS) vulnerability was found in the register.php page of PuneethReddyHC Event Management System…