PT-2021-23755 · Unknown · Projectsworlds Online Shopping System

Khanhchauminh · Published 2021-12-22 · Updated 2025-10-29 · CVE-2021-43157

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Projectsworlds Online Shopping System PHP version 1.0

Description

The issue concerns SQL injection via the id parameter in the "cart remove.php" file. This allows for potential manipulation of database queries.

Recommendations

For Projectsworlds Online Shopping System PHP version 1.0, consider restricting access to the "cart remove.php" file until a proper fix is applied, and ensure that user input for the id parameter is properly sanitized to prevent SQL injection attacks.
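
One way to apply the recommendation to the id parameter, shown as an added example rather than the application's own code: the value is accepted only as a positive integer and is bound through a prepared statement. The `cart` table, its columns, the function names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example; not Projectsworlds code. The `cart` table, its columns and
// the in-memory SQLite database are assumptions made for illustration.

/** Return the id as a positive integer, or null if it is anything else. */
function parse_cart_id(mixed $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Delete one cart row; the id is bound as data, never concatenated into SQL. */
function remove_cart_item(PDO $db, mixed $rawId): bool
{
    $id = parse_cart_id($rawId);
    if ($id === null) {
        return false; // reject outright instead of trying to "clean" the value
    }
    $stmt = $db->prepare('DELETE FROM cart WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cart (id INTEGER PRIMARY KEY, product_title TEXT)');
$db->exec("INSERT INTO cart (id, product_title)
           VALUES (1, 'keyboard'), (2, 'mouse'), (3, 'monitor')");

// Constructed inputs standing in for the id request parameter.
foreach (['2', '3 OR 1=1', "1'; --", ['1'], '-1'] as $input) {
    $ok = remove_cart_item($db, $input);
    printf("%-12s => %s\n", json_encode($input), $ok ? 'removed' : 'rejected');
}
printf("rows left: %d\n", (int) $db->query('SELECT COUNT(*) FROM cart')->fetchColumn());
```

Only the well-formed id removes a row; every other input is rejected before any SQL is executed.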

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2021-43157

Affected Products

Projectsworlds Online Shopping System