225 matches found
PuneethReddyHC Online Shopping System homeaction.php SQL Injection
An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping System through the /homeaction.php catid parameter. User input sent in a POST request is not sanitized. id: CVE-2021-41649 info: name: PuneethReddyHC Online Shopping System homeaction.php SQL Injection...
CVE-2021-41649
An unauthenticated SQL injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php catid parameter. User input sent in a POST request is not sanitized...
CVE-2022-42109
Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php...
CVE-2025-61246
indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in master/reviewaction.php via the proId parameter...
CVE-2025-61246
CVE-2025-61246 affects indieka900 online-shopping-system-php 1.0. The vulnerability is SQL Injection in master/review_action.php via the proId parameter, caused by unsafely concatenating user input into SQL. This is documented across multiple sources in the connected documents, including Red Hat,...
Exploit for CVE-2025-61246
CVE-2025-61246 - SQL Injection Vulnerability in Online Shoppin...
CVE-2024-58316
Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the paymentsuccess.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database...
CVE-2024-58316 Online Shopping System Advanced 1.0 SQL Injection via Payment Success Parameter
Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the paymentsuccess.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database...
CVE-2024-58316
CVE-2024-58316 affects Online Shopping System Advanced 1.0. A SQL injection vulnerability exists in the payment_success.php script, exploitable via the unfiltered, user-controllable cm parameter, enabling attackers to craft SQL queries and potentially retrieve sensitive database information by ma...
CVE-2024-58316 Online Shopping System Advanced 1.0 SQL Injection via Payment Success Parameter
Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the paymentsuccess.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database...
Online Shopping System Advanced SQL Injection Vulnerability
Online Shopping System Advanced is an online store website by Puneeth Reddy H C Individual Developer. A SQL injection vulnerability exists in Online Shopping System Advanced version 1.0, which stems from a SQL injection in the paymentsuccess.php script that could result in the retrieval of...
EUVD-2025-36203
indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password parameter of login.php...
CVE-2025-61247
indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password parameter of login.php...
CVE-2025-12215 projectworlds Online Shopping System login_submit.php sql injection
A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /loginsubmit.php. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...
CVE-2025-12215
CVE-2025-12215 affects projectworlds Online Shopping System 1.0, specifically the /login_submit.php file. The issue is an input handling flaw where manipulating the keywords argument enables SQL injection. The vulnerability is remote and has had exploits published. Multiple sources flag high risk...
PT-2025-43973
Name of the Vulnerable Software and Affected Versions: indieka900 online-shopping-system-php version 1.0. Description: The online-shopping-system-php software version 1.0 contains a SQL Injection issue in the password parameter of the 'login.php' file. This allows for potential unauthorized access o...
CVE-2025-61247
indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password parameter of login.php...
CVE-2025-61247
indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password parameter of login.php...
online-shopping-system Security Vulnerability
online-shopping-system is an online shopping system by Puneeth Reddy H C Individual Developer. A security vulnerability exists in online-shopping-system version 1.0, which stems from an unvalidated parameter password in login.php, which could lead to a SQL injection attack...
CVE-2025-61247
CVE-2025-61247 affects indieka900 online-shopping-system-php 1.0. The vulnerability is a SQL Injection in the password parameter of login.php, as described across multiple sources (NVD entry and related advisories). The underlying issue is unvalidated SQL handling in the login flow, enabling pote...