Online Shopping System
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-12215 | Hig | 0.47 | 7.3 | 0.00 | Oct 27, 2025 | A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /login_submit.php. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been published and… | ||
| CVE-2025-11070 | Hig | 0.47 | 7.3 | 0.00 | Sep 27, 2025 | A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cart_add.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and… | ||
| CVE-2024-11059 | 0.00 | — | 0.00 | Nov 10, 2024 | A vulnerability was found in Project Worlds Free Download Online Shopping System up to 192.168.1.88. It has been rated as critical. This issue affects some unknown processing of the file /online-shopping-webvsite-in-php-master/success.php. The manipulation of the argument id… | |||
| CVE-2024-45987 | 0.00 | — | 0.00 | Sep 26, 2024 | Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without… | |||
| CVE-2024-45986 | 0.00 | — | 0.00 | Sep 26, 2024 | A stored Cross-Site Scripting (XSS) vulnerability was identified in Projectworld Online Voting System 1.0 that occurs when an account is registered with a malicious javascript payload. The payload is stored and subsequently executed in the voter.php and profile.php pages… | |||
| CVE-2021-43157 | 0.00 | — | 0.01 | Dec 22, 2021 | Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cart_remove.php. | |||
| CVE-2021-43158 | 0.00 | — | 0.00 | Dec 22, 2021 | In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart. |
- risk 0.47cvss 7.3epss 0.00
A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /login_submit.php. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been published and…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cart_add.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and…
- CVE-2024-11059Nov 10, 2024risk 0.00cvss —epss 0.00
A vulnerability was found in Project Worlds Free Download Online Shopping System up to 192.168.1.88. It has been rated as critical. This issue affects some unknown processing of the file /online-shopping-webvsite-in-php-master/success.php. The manipulation of the argument id…
- CVE-2024-45987Sep 26, 2024risk 0.00cvss —epss 0.00
Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without…
- CVE-2024-45986Sep 26, 2024risk 0.00cvss —epss 0.00
A stored Cross-Site Scripting (XSS) vulnerability was identified in Projectworld Online Voting System 1.0 that occurs when an account is registered with a malicious javascript payload. The payload is stored and subsequently executed in the voter.php and profile.php pages…
- CVE-2021-43157Dec 22, 2021risk 0.00cvss —epss 0.01
Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cart_remove.php.
- CVE-2021-43158Dec 22, 2021risk 0.00cvss —epss 0.00
In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart.