CVE-2025-12215

Name of the Vulnerable Software and Affected Versions projectworlds Online Shopping System version 1.0

Description A flaw has been identified in projectworlds Online Shopping System 1.0. The issue involves a potential SQL injection affecting an unknown function within the /login submit.php file. Manipulation of the keywords argument may allow for remote exploitation. The exploit has been published.

Recommendations versions prior to 1.0 should be updated. As a temporary workaround, consider restricting access to the /login submit.php file to minimize the risk of exploitation. Avoid using the keywords parameter in the affected API endpoint '/login submit.php' until the issue is resolved.