Online Shopping System

online_shopping_system

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-12215 1Projectworlds 1Online Shopping System Apr 29, 2026 Oct 27, 2025 5.5 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /login_submit.php. Executing a manipulation of the argument keywords can lead to sql injection. The attack ma...Show more A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /login_submit.php. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.Show less
CVE-2025-11070 1Projectworlds 1Online Shopping System Apr 29, 2026 Sep 27, 2025 5.5 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cart_add.php. Such manipulation of the argument ID leads to sql injection. The attack may be per...Show more A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cart_add.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.Show less
CVE-2021-43158 1Projectworlds 1Online Shopping System Oct 29, 2025 Dec 22, 2021 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart.
CVE-2021-43157 1Projectworlds 1Online Shopping System Oct 29, 2025 Dec 22, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cart_remove.php.