ReportizFlow
Filtered by vendor Puneethreddyhc
Subscriptions
Filtered by product Online Shopping System Advanced
Subscriptions
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-58316 | 1 Puneethreddyhc | 1 Online Shopping System Advanced | 2025-12-15 | 7.5 High |
| Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database information by manipulating the user ID parameter. | ||||
| CVE-2025-51970 | 1 Puneethreddyhc | 1 Online Shopping System Advanced | 2025-11-13 | 7.7 High |
| A SQL Injection vulnerability exists in the action.php endpoint of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter. | ||||
| CVE-2025-52021 | 1 Puneethreddyhc | 1 Online Shopping System Advanced | 2025-10-08 | 9.8 Critical |
| A SQL Injection vulnerability exists in the edit_product.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The product_id GET parameter is unsafely passed to a SQL query without proper validation or parameterization. | ||||
| CVE-2025-51968 | 1 Puneethreddyhc | 1 Online Shopping System Advanced | 2025-09-09 | 6.5 Medium |
| A SQL Injection vulnerability exists in the action.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The application fails to properly sanitize user-supplied input in the proId POST parameter, allowing attackers to inject arbitrary SQL expressions. | ||||
| CVE-2025-51969 | 1 Puneethreddyhc | 1 Online Shopping System Advanced | 2025-09-09 | 6.5 Medium |
| A SQL Injection vulnerability exists in the product.php page of PuneethReddyHC Online Shopping System Advanced 1.0. This flaw is present in the product_id GET parameter, which is not properly validated before being included in a SQL statement. | ||||
| CVE-2025-51971 | 1 Puneethreddyhc | 1 Online Shopping System Advanced | 2025-09-09 | 5.4 Medium |
| A reflected Cross-Site Scripting (XSS) vulnerability exists in register.php of PuneethReddyHC Online Shopping System Advanced 1.0. Unsanitized user input in the f_name parameter is reflected in the server response without proper HTML encoding or output escaping. This allows remote attackers to inject arbitrary JavaScript code. | ||||
| CVE-2025-51972 | 1 Puneethreddyhc | 1 Online Shopping System Advanced | 2025-09-09 | 6.5 Medium |
| A SQL Injection vulnerability exists in the login.php of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter. | ||||
| CVE-2024-40498 | 1 Puneethreddyhc | 1 Online Shopping System Advanced | 2024-08-06 | 9.8 Critical |
| SQL Injection vulnerability in PuneethReddyHC Online Shopping sysstem advanced v.1.0 allows an attacker to execute arbitrary code via the register.php | ||||
Page 1 of 1.