VYPR
Unrated severityNVD Advisory· Published Dec 12, 2025· Updated Apr 7, 2026

Online Shopping System Advanced 1.0 SQL Injection via Payment Success Parameter

CVE-2024-58316

Description

Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database information by manipulating the user ID parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.