PT-2025-50975 · Unknown · Online Shopping System Advanced Version 1.0

Furkan Gedik · Published 2025-12-12 · Updated 2025-12-19 · CVE-2024-58316

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions: Online Shopping System Advanced version 1.0

Description: The software contains a SQL injection flaw in the payment_success.php script. Attackers can inject malicious SQL code through the unfiltered cm parameter. Exploitation involves sending crafted SQL queries to obtain sensitive database information by manipulating the user ID parameter.

Recommendations: Apply filters to the cm parameter in the payment_success.php script to prevent SQL injection.
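
One way to apply the recommended filtering to `cm`, shown as an added example that is not the application's own code. It assumes `cm` carries a numeric user ID; the `orders` table, its columns, the helper names and the in-memory SQLite database are hypothetical stand-ins.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept cm only as a positive decimal integer (1 to 10 digits).
function parseUserId(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // missing parameter or array form (cm[]=7)
    }
    return preg_match('/\A[1-9][0-9]{0,9}\z/', $raw) === 1 ? (int) $raw : null;
}

// Hypothetical lookup: the value is bound as an integer, never concatenated into the SQL text.
function ordersForUser(PDO $db, int $userId): array
{
    $stmt = $db->prepare('SELECT id, total FROM orders WHERE user_id = :uid');
    $stmt->bindValue(':uid', $userId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER, total REAL)');
$db->exec('INSERT INTO orders (user_id, total) VALUES (7, 19.90), (8, 5.00)');

// Constructed inputs standing in for $_GET['cm'].
foreach (['7', '7 OR 1=1', "7'", '', ['7'], null] as $cm) {
    $userId = parseUserId($cm);
    if ($userId === null) {
        // A real handler would answer HTTP 400 here, before any query runs.
        echo 'rejected: ', json_encode($cm), "\n";
        continue;
    }
    echo "user $userId: ", count(ordersForUser($db, $userId)), " order(s)\n";
}
```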

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-58316

Affected Products

Online Shopping System Advanced Version 1.0