PT-2026-40900 · Unknown · Ecommerce-Website

Berat Arslan

·

Published

2026-05-14

·

Updated

2026-05-14

·

CVE-2025-11024

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions E-Commerce Website versions prior to 4.5.001
Description Improper neutralization of special elements used in an SQL command allows Blind SQL Injection. This occurs when the application fails to properly sanitize user-supplied data before incorporating it into a database query, enabling an attacker to infer sensitive information by observing the application's response to specific queries.
Recommendations Update to version 4.5.001.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2025-11024

Affected Products

Ecommerce-Website