CVE-2021-41648

Name of the Vulnerable Software and Affected Versions PuneethReddyHC online-shopping-system-advanced (affected versions not specified)

Description An un-authenticated SQL Injection issue exists in the software through the "/action.php" API endpoint, specifically via the prId parameter. This occurs because user input is not properly sanitized when using a POST request.

Recommendations As a temporary workaround, consider restricting access to the "/action.php" API endpoint until a patch is available. Avoid using the prId parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.