CVE-2025-61247

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions indieka900 online-shopping-system-php version 1.0

Description The online-shopping-system-php software version 1.0 contains a SQL Injection issue in the password parameter of the 'login.php' file. This allows for potential unauthorized access or data manipulation. The vulnerable parameter is password within the ''login.php'' API endpoint.

Recommendations Apply input validation and sanitization to the password parameter in the 'login.php' file to prevent SQL Injection attacks.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2025-61247

Affected Products

Online Shopping System

CVE-2025-61247

Weakness Enumeration

Related Identifiers

Affected Products

References · 5