CVE-2025-50972

Name of the Vulnerable Software and Affected Versions: AbanteCart version 1.4.2

Description: AbanteCart is susceptible to a SQL Injection issue. Unauthenticated attackers can execute arbitrary SQL commands via the tmpl id parameter in the index.php file. Exploitation techniques include error-based injection using a crafted FLOOR-based payload, time-based blind injection via SLEEP(), and UNION-based injection to extract arbitrary data.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.