VYPR

Online Shopping System

by Projectworlds

CVEs (7)

  • CVE-2025-12215HigOct 27, 2025
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /login_submit.php. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been published and…

  • CVE-2025-11070HigSep 27, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cart_add.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and…

  • CVE-2024-11059Nov 10, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in Project Worlds Free Download Online Shopping System up to 192.168.1.88. It has been rated as critical. This issue affects some unknown processing of the file /online-shopping-webvsite-in-php-master/success.php. The manipulation of the argument id…

  • CVE-2024-45987Sep 26, 2024
    risk 0.00cvss epss 0.00

    Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without…

  • CVE-2024-45986Sep 26, 2024
    risk 0.00cvss epss 0.00

    A stored Cross-Site Scripting (XSS) vulnerability was identified in Projectworld Online Voting System 1.0 that occurs when an account is registered with a malicious javascript payload. The payload is stored and subsequently executed in the voter.php and profile.php pages…

  • CVE-2021-43157Dec 22, 2021
    risk 0.00cvss epss 0.01

    Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cart_remove.php.

  • CVE-2021-43158Dec 22, 2021
    risk 0.00cvss epss 0.00

    In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart.