Online Shopping System Advanced

online_shopping_system_advanced

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-58316 1Puneethreddyhc 1Online Shopping System Advanced Dec 19, 2025 Dec 12, 2025 8.7 HIGH· v4 7.5 HIGH· v3 N/A· v2 Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the...Show more Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database information by manipulating the user ID parameter.Show less
CVE-2025-51972 1Puneethreddyhc 1Online Shopping System Advanced Sep 9, 2025 Aug 28, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A SQL Injection vulnerability exists in the login.php of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter.
CVE-2025-51971 1Puneethreddyhc 1Online Shopping System Advanced Sep 9, 2025 Aug 28, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A reflected Cross-Site Scripting (XSS) vulnerability exists in register.php of PuneethReddyHC Online Shopping System Advanced 1.0. Unsanitized user input in the f_name parameter is reflected in the server response withou...Show more A reflected Cross-Site Scripting (XSS) vulnerability exists in register.php of PuneethReddyHC Online Shopping System Advanced 1.0. Unsanitized user input in the f_name parameter is reflected in the server response without proper HTML encoding or output escaping. This allows remote attackers to inject arbitrary JavaScript code.Show less
CVE-2025-51969 1Puneethreddyhc 1Online Shopping System Advanced Sep 9, 2025 Aug 28, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A SQL Injection vulnerability exists in the product.php page of PuneethReddyHC Online Shopping System Advanced 1.0. This flaw is present in the product_id GET parameter, which is not properly validated before being inclu...Show more A SQL Injection vulnerability exists in the product.php page of PuneethReddyHC Online Shopping System Advanced 1.0. This flaw is present in the product_id GET parameter, which is not properly validated before being included in a SQL statement.Show less
CVE-2025-51968 1Puneethreddyhc 1Online Shopping System Advanced Sep 9, 2025 Aug 28, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A SQL Injection vulnerability exists in the action.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The application fails to properly sanitize user-supplied input in the proId POST parameter, allowing atta...Show more A SQL Injection vulnerability exists in the action.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The application fails to properly sanitize user-supplied input in the proId POST parameter, allowing attackers to inject arbitrary SQL expressions.Show less
CVE-2025-51970 1Puneethreddyhc 1Online Shopping System Advanced Nov 13, 2025 Jul 29, 2025 N/A· v4 7.7 HIGH· v3 N/A· v2 A SQL Injection vulnerability exists in the action.php endpoint of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter.