PT-2025-50975 · Unknown · Online Shopping System Advanced Version 1.0

Furkan Gedik · Published 2025-12-12 · Updated 2025-12-19 · CVE-2024-58316

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions

Online Shopping System Advanced version 1.0

Description

The software contains a SQL injection flaw in the payment success.php script. This allows attackers to inject malicious SQL code through the unfiltered cm parameter. Exploitation involves sending crafted SQL queries to obtain sensitive database information by manipulating the user ID parameter.

Recommendations

Apply filters to the cm parameter in the payment success.php script to prevent SQL injection.

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-58316

Affected Products

Online Shopping System Advanced Version 1.0