Lucene search
K

185 matches found

Nuclei
Nuclei
added yesterday39 views

PuneethReddyHC Online Shopping System homeaction.php SQL Injection

An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping System through the /homeaction.php catid parameter. Using a post request does not sanitize the user input. id: CVE-2021-41649 info: name: PuneethReddyHC Online Shopping System homeaction.php SQL Injection...

9.8CVSS7.3AI score0.5177EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2026/01/09 10:51 a.m.8 views

CVE-2022-42109

Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php...

9.8CVSS8.3AI score0.01122EPSS
Exploits0References1
CVE
CVE
added 2026/01/08 12:0 a.m.17 views

CVE-2025-61246

CVE-2025-61246 affects indieka900 online-shopping-system-php 1.0. The vulnerability is SQL Injection in master/review_action.php via the proId parameter, caused by unsafely concatenating user input into SQL. This is documented across multiple sources in the connected documents, including Red Hat,...

9.8CVSS7.6AI score0.00391EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2026/01/08 12:0 a.m.24 views

CVE-2025-61246

indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in master/reviewaction.php via the proId parameter...

0.00391EPSS
Exploits2References1
GithubExploit
GithubExploit
added 2026/01/05 6:19 p.m.162 views

Exploit for CVE-2025-61246

CVE-2025-61246 - SQL Injection Vulnerability in Online Shoppin...

9.8AI score0.00391EPSS
Exploits2
OSV
OSV
added 2025/12/12 9:15 p.m.3 views

CVE-2024-58316

Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the paymentsuccess.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database...

8.7CVSS5.8AI score0.00485EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/12 8:14 p.m.2 views

CVE-2024-58316 Online Shopping System Advanced 1.0 SQL Injection via Payment Success Parameter

Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the paymentsuccess.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database...

8.7CVSS7.2AI score0.00485EPSS
Exploits1References3
CVE
CVE
added 2025/12/12 8:14 p.m.16 views

CVE-2024-58316

CVE-2024-58316 affects Online Shopping System Advanced 1.0. A SQL injection vulnerability exists in the payment_success.php script, exploitable via the unfiltered, user-controllable cm parameter, enabling attackers to craft SQL queries and potentially retrieve sensitive database information by ma...

8.7CVSS7.2AI score0.00485EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/12/12 8:14 p.m.22 views

CVE-2024-58316 Online Shopping System Advanced 1.0 SQL Injection via Payment Success Parameter

Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the paymentsuccess.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database...

8.7CVSS0.00485EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.4 views

Online Shopping System Advanced SQL注入漏洞

Online Shopping System Advanced is an online store website by Puneeth Reddy H C Individual Developer. A SQL injection vulnerability exists in Online Shopping System Advanced version 1.0, which stems from a SQL injection in the paymentsuccess.php script that could result in the retrieval of...

8.7CVSS7.7AI score0.00485EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/27 6:31 p.m.4 views

EUVD-2025-36203

indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password parameter of login.php...

8.2CVSS7.6AI score0.00226EPSS
Exploits0References2
NVD
NVD
added 2025/10/27 4:15 p.m.8 views

CVE-2025-61247

indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password parameter of login.php...

8.2CVSS0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/27 12:0 a.m.8 views

CVE-2025-61247

indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password parameter of login.php...

0.00226EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/27 12:0 a.m.4 views

CVE-2025-61247

indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password parameter of login.php...

7.7AI score0.00226EPSS
Exploits0References1
CVE
CVE
added 2025/10/27 12:0 a.m.10 views

CVE-2025-61247

CVE-2025-61247 affects indieka900 online-shopping-system-php 1.0. The vulnerability is a SQL Injection in the password parameter of login.php, as described across multiple sources (NVD entry and related advisories). The underlying issue is unvalidated SQL handling in the login flow, enabling pote...

8.2CVSS7.7AI score0.00226EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.5 views

online-shopping-system 安全漏洞

online-shopping-system is an online shopping system by Puneeth Reddy H C Individual Developer. A security vulnerability exists in online-shopping-system version 1.0, which stems from an unvalidated parameter password in login.php, which could lead to a SQL injection attack...

8.2CVSS7.8AI score0.00226EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/08 8:19 p.m.12 views

CVE-2025-52021

A SQL Injection vulnerability exists in the editproduct.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The productid GET parameter is unsafely passed to a SQL query without proper validation or parameterization...

9.8CVSS7.9AI score0.00309EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2025/10/07 2:23 p.m.283 views

Exploit for CVE-2025-52021

CVE-2025-52021 — Time-Based Blind SQL Injection in PuneethRedd...

8.1AI score0.00309EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/10/07 12:0 a.m.4 views

PT-2025-41137

Name of the Vulnerable Software and Affected Versions PuneethReddyHC Online Shopping System Advanced version 1.0 Description A SQL Injection issue exists in the edit product.php file. The product id GET parameter is passed to a SQL query without sufficient validation or parameterization. This cou...

9.8CVSS7.4AI score0.00309EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/10/07 12:0 a.m.11 views

CVE-2025-52021

A SQL Injection vulnerability exists in the editproduct.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The productid GET parameter is unsafely passed to a SQL query without proper validation or parameterization...

0.00309EPSS
Exploits1References1
Rows per page
Query Builder