PT-2025-41317 · Unknown · Code-Projects E-Commerce Website

Huanghc

Published

2025-10-08

Updated

2025-10-14

CVE-2025-11509

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions code-projects E-Commerce Website version 1.0

Description A flaw exists in code-projects E-Commerce Website 1.0. Manipulation of the prod name argument in the file '/pages/product add.php' can lead to SQL injection. This issue may be exploited remotely. The exploit is publicly available.

Recommendations Sanitize the prod name argument in the '/pages/product add.php' file to prevent SQL injection. Restrict access to the '/pages/product add.php' file if possible.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2025-11509

Affected Products

Code-Projects E-Commerce Website

PT-2025-41317 · Unknown · Code-Projects E-Commerce Website

CVE-2025-11509

Weakness Enumeration

Related Identifiers

Affected Products

References · 11