Unrated severityNVD Advisory· Published Dec 12, 2025· Updated Apr 7, 2026
Online Shopping System Advanced 1.0 SQL Injection via Payment Success Parameter
CVE-2024-58316
Description
Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database information by manipulating the user ID parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: =1.0
- PuneethReddyHC/online-shopping-system-advancedv5Range: 1.0
Patches
Vulnerability mechanics
References
2- www.exploit-db.com/exploits/51811mitreexploit
- www.vulncheck.com/advisories/online-shopping-system-advanced-sql-injection-via-payment-success-parametermitrethird-party-advisory
News mentions
0No linked articles in our index yet.