PT-2025-42760 · Unknown · Bhabishya-123 E-Commerce

Published: 2025-10-20 · Updated: 2025-10-20 · CVE-2025-61455

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Bhabishya-123 E-commerce version 1.0

Description

A SQL Injection issue exists in Bhabishya-123 E-commerce. The application incorporates unsanitized user inputs directly into SQL queries. This allows unauthenticated attackers to bypass authentication and gain full access. The vulnerability is present in the signup.inc.php endpoint and the https://t.co/ox4NNwmsS5.php endpoint. The signup.inc.php endpoint directly incorporates unsanitized user inputs into SQL queries.

Recommendations

Sanitize all user inputs before incorporating them into SQL queries in the signup.inc.php endpoint.

Sanitize all user inputs before incorporating them into SQL queries in the https://t.co/ox4NNwmsS5.php endpoint.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-61455

Affected Products

Bhabishya-123 E-Commerce