VYPR

Online Shopping System Advanced

by PuneethReddyHC

CVEs (14)

  • CVE-2021-41649CriOct 1, 2021
    risk 0.68cvss 9.8epss 0.52

    An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input.

  • CVE-2025-52021CriOct 7, 2025
    risk 0.64cvss 9.8epss 0.00

    A SQL Injection vulnerability exists in the edit_product.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The product_id GET parameter is unsafely passed to a SQL query without proper validation or parameterization.

  • CVE-2024-40498CriAug 5, 2024
    risk 0.64cvss 9.8epss 0.01

    SQL Injection vulnerability in PuneethReddyHC Online Shopping sysstem advanced v.1.0 allows an attacker to execute arbitrary code via the register.php

  • CVE-2021-43110CriMar 29, 2022
    risk 0.64cvss 9.8epss 0.01

    An Access Conrol vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 in add_products.

  • CVE-2025-51970HigJul 29, 2025
    risk 0.50cvss 7.7epss 0.00

    A SQL Injection vulnerability exists in the action.php endpoint of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter.

  • CVE-2021-41648HigOct 1, 2021
    risk 0.50cvss 7.5epss 0.10

    An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. Using a post request does not sanitize the user input.

  • CVE-2024-58316HigDec 12, 2025
    risk 0.49cvss 7.5epss 0.00

    Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve…

  • CVE-2021-43109HigMar 29, 2022
    risk 0.49cvss 7.5epss 0.01

    An SQL Injection vulnerability exits in PuneethReddyHC online-shopping-system as of 11/01/2021 via the p parameter in product.php.

  • CVE-2023-3337HigJun 20, 2023
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was found in PuneethReddyHC Online Shopping System Advanced 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/reg.php of the component Admin Registration. The manipulation leads to improper…

  • CVE-2025-51972MedAug 28, 2025
    risk 0.42cvss 6.5epss 0.00

    A SQL Injection vulnerability exists in the login.php of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter.

  • CVE-2025-51969MedAug 28, 2025
    risk 0.42cvss 6.5epss 0.00

    A SQL Injection vulnerability exists in the product.php page of PuneethReddyHC Online Shopping System Advanced 1.0. This flaw is present in the product_id GET parameter, which is not properly validated before being included in a SQL statement.

  • CVE-2025-51968MedAug 28, 2025
    risk 0.42cvss 6.5epss 0.00

    A SQL Injection vulnerability exists in the action.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The application fails to properly sanitize user-supplied input in the proId POST parameter, allowing attackers to inject arbitrary SQL expressions.

  • CVE-2025-51971MedAug 28, 2025
    risk 0.35cvss 5.4epss 0.00

    A reflected Cross-Site Scripting (XSS) vulnerability exists in register.php of PuneethReddyHC Online Shopping System Advanced 1.0. Unsanitized user input in the f_name parameter is reflected in the server response without proper HTML encoding or output escaping. This allows…

  • CVE-2023-3311LowJun 18, 2023
    risk 0.16cvss 2.4epss 0.01

    A vulnerability, which was classified as problematic, was found in PuneethReddyHC online-shopping-system-advanced 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate…