Online Shopping System Advanced
by Online Shopping System Advanced
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-40498 | | Cri | 0.65 | 9.8 | 0.01 | | Aug 5, 2024 | SQL Injection vulnerability in PuneethReddyHC Online Shopping system advanced v.1.0 allows an attacker to execute arbitrary code via the register.php |
| CVE-2025-52021 | | Cri | 0.64 | 9.8 | 0.00 | | Oct 7, 2025 | A SQL Injection vulnerability exists in the edit_product.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The product_id GET parameter is unsafely passed to a SQL query without proper validation or parameterization. |
| CVE-2022-42109 | | Cri | 0.64 | 9.8 | 0.01 | | Nov 29, 2022 | Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php. |
| CVE-2024-58316 | | | 0.00 | — | 0.00 | | Dec 12, 2025 | Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve… |
| CVE-2025-51972 | | | 0.00 | — | 0.00 | | Aug 28, 2025 | A SQL Injection vulnerability exists in the login.php of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter. |
| CVE-2025-51969 | | | 0.00 | — | 0.00 | | Aug 28, 2025 | A SQL Injection vulnerability exists in the product.php page of PuneethReddyHC Online Shopping System Advanced 1.0. This flaw is present in the product_id GET parameter, which is not properly validated before being included in a SQL statement. |
| CVE-2025-51971 | | | 0.00 | — | 0.00 | | Aug 28, 2025 | A reflected Cross-Site Scripting (XSS) vulnerability exists in register.php of PuneethReddyHC Online Shopping System Advanced 1.0. Unsanitized user input in the f_name parameter is reflected in the server response without proper HTML encoding or output escaping. This allows… |
| CVE-2025-51968 | | | 0.00 | — | 0.00 | | Aug 28, 2025 | A SQL Injection vulnerability exists in the action.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The application fails to properly sanitize user-supplied input in the proId POST parameter, allowing attackers to inject arbitrary SQL expressions. |
| CVE-2025-51970 | | | 0.00 | — | 0.00 | | Jul 29, 2025 | A SQL Injection vulnerability exists in the action.php endpoint of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter. |