Unrated severityNVD Advisory· Published Dec 12, 2025· Updated Apr 7, 2026

Online Shopping System Advanced 1.0 SQL Injection via Payment Success Parameter

CVE-2024-58316

Description

Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database information by manipulating the user ID parameter.

Affected products

Online Shopping System Advanced/Online Shopping System Advancedllm-create
Range: =1.0
PuneethReddyHC/online-shopping-system-advancedv5
Range: 1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/51811mitreexploit
www.vulncheck.com/advisories/online-shopping-system-advanced-sql-injection-via-payment-success-parametermitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000