PT-2025-41742 · Yousaf530 · Inferno Online Clothing Store

Mahushuai · Published 2025-10-13 · Updated 2025-10-18 · CVE-2025-11654

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
yousaf530 Inferno Online Clothing Store versions prior to 827dd42bfbe380e8de76fdc67958c24cf1246208

Description
A SQL injection issue exists in yousaf530 Inferno Online Clothing Store. The issue is due to improper handling of user-supplied input in an unknown function within the /log.php file. Manipulation of the cemail or password parameters allows an attacker to inject malicious SQL code into database queries. This could lead to unauthorized data access or modification. The exploit is publicly available.

Recommendations
Update yousaf530 Inferno Online Clothing Store to a version prior to 827dd42bfbe380e8de76fdc67958c24cf1246208. As a temporary workaround, restrict access to the /log.php file to minimize the risk of exploitation. Avoid using the cemail and password parameters in the affected API endpoint until the issue is resolved.
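
The defect class described above and its usual fix, as an added example that is not code from the project or from this advisory: a login check that concatenates cemail and password into the query text, next to one that binds the e-mail as a parameter and verifies the password against a stored hash. The customers table, its columns and the function names are hypothetical, and PDO with an in-memory SQLite database stands in for the application's real database layer.

```php
<?php
declare(strict_types=1);
// Added illustration, not code from Inferno Online Clothing Store.
// The table "customers" and columns "cemail"/"pass_hash" are hypothetical;
// only the parameter names cemail and password come from the advisory.

// Constructed in-memory database so the example runs offline.
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, cemail TEXT UNIQUE, pass_hash TEXT)');
    $ins = $pdo->prepare('INSERT INTO customers (cemail, pass_hash) VALUES (?, ?)');
    $ins->execute(['alice@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Vulnerable pattern: request values concatenated into the SQL text, so
// quote characters in cemail or password change the query's structure.
// Shown for contrast only; never called below.
function login_vulnerable(PDO $pdo, string $cemail, string $password): bool {
    $sql = "SELECT id FROM customers WHERE cemail = '$cemail' AND pass_hash = '$password'";
    return $pdo->query($sql)->fetch() !== false;
}

// Hardened pattern: the e-mail is a bound parameter (data, never SQL), and the
// password is not sent to the database at all but checked against a stored hash.
function login_hardened(PDO $pdo, mixed $cemail, mixed $password): bool {
    // Reject arrays/nulls and oversized input before touching the database.
    if (!is_string($cemail) || !is_string($password) || strlen($cemail) > 254) {
        return false;
    }
    $stmt = $pdo->prepare('SELECT pass_hash FROM customers WHERE cemail = :cemail');
    $stmt->execute([':cemail' => $cemail]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

$pdo = demo_db();
var_dump(login_hardened($pdo, 'alice@example.test', 'correct horse')); // valid login
var_dump(login_hardened($pdo, "alice@example.test'", 'x'));  // stray quote is just data
var_dump(login_hardened($pdo, ['alice@example.test'], 'x')); // non-string input rejected
```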

Exploit · Fix · Special Elements Injection · SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-11654

Affected Products

Inferno Online Clothing Store