185 matches found
PuneethReddyHC Online Shopping System homeaction.php SQL Injection
An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping System through the /homeaction.php catid parameter. Using a post request does not sanitize the user input. id: CVE-2021-41649 info: name: PuneethReddyHC Online Shopping System homeaction.php SQL Injection...
CVE-2022-42109
Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php...
CVE-2025-61246
CVE-2025-61246 affects indieka900 online-shopping-system-php 1.0. The vulnerability is SQL Injection in master/review_action.php via the proId parameter, caused by unsafely concatenating user input into SQL. This is documented across multiple sources in the connected documents, including Red Hat,...
CVE-2025-61246
indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in master/reviewaction.php via the proId parameter...
Exploit for CVE-2025-61246
CVE-2025-61246 - SQL Injection Vulnerability in Online Shoppin...
CVE-2024-58316
Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the paymentsuccess.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database...
CVE-2024-58316 Online Shopping System Advanced 1.0 SQL Injection via Payment Success Parameter
Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the paymentsuccess.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database...
CVE-2024-58316
CVE-2024-58316 affects Online Shopping System Advanced 1.0. A SQL injection vulnerability exists in the payment_success.php script, exploitable via the unfiltered, user-controllable cm parameter, enabling attackers to craft SQL queries and potentially retrieve sensitive database information by ma...
CVE-2024-58316 Online Shopping System Advanced 1.0 SQL Injection via Payment Success Parameter
Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the paymentsuccess.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database...
Online Shopping System Advanced SQL注入漏洞
Online Shopping System Advanced is an online store website by Puneeth Reddy H C Individual Developer. A SQL injection vulnerability exists in Online Shopping System Advanced version 1.0, which stems from a SQL injection in the paymentsuccess.php script that could result in the retrieval of...
EUVD-2025-36203
indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password parameter of login.php...
CVE-2025-61247
indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password parameter of login.php...
CVE-2025-61247
indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password parameter of login.php...
CVE-2025-61247
indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password parameter of login.php...
CVE-2025-61247
CVE-2025-61247 affects indieka900 online-shopping-system-php 1.0. The vulnerability is a SQL Injection in the password parameter of login.php, as described across multiple sources (NVD entry and related advisories). The underlying issue is unvalidated SQL handling in the login flow, enabling pote...
online-shopping-system 安全漏洞
online-shopping-system is an online shopping system by Puneeth Reddy H C Individual Developer. A security vulnerability exists in online-shopping-system version 1.0, which stems from an unvalidated parameter password in login.php, which could lead to a SQL injection attack...
CVE-2025-52021
A SQL Injection vulnerability exists in the editproduct.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The productid GET parameter is unsafely passed to a SQL query without proper validation or parameterization...
Exploit for CVE-2025-52021
CVE-2025-52021 — Time-Based Blind SQL Injection in PuneethRedd...
PT-2025-41137
Name of the Vulnerable Software and Affected Versions PuneethReddyHC Online Shopping System Advanced version 1.0 Description A SQL Injection issue exists in the edit product.php file. The product id GET parameter is passed to a SQL query without sufficient validation or parameterization. This cou...
CVE-2025-52021
A SQL Injection vulnerability exists in the editproduct.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The productid GET parameter is unsafely passed to a SQL query without proper validation or parameterization...