CVE-2024-58316
- EPSS 0.09%
- Published 12.12.2025 20:14:23
- Last modified 19.12.2025 15:27:57
Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending craft...
CVE-2024-58304
- EPSS 0.03%
- Published 11.12.2025 21:40:42
- Last modified 12.12.2025 21:15:50
SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' paramete...
CVE-2025-52021
- EPSS 0.03%
- Published 07.10.2025 00:00:00
- Last modified 08.10.2025 19:38:09
A SQL Injection vulnerability exists in the edit_product.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The product_id GET parameter is unsafely passed to a SQL query without proper validation or parameterization.
CVE-2025-51968
- EPSS 0.04%
- Published 28.08.2025 00:00:00
- Last modified 09.09.2025 18:43:01
A SQL Injection vulnerability exists in the action.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The application fails to properly sanitize user-supplied input in the proId POST parameter, allowing attackers to inject arbitrary SQL ...
CVE-2025-51969
- EPSS 0.04%
- Published 28.08.2025 00:00:00
- Last modified 09.09.2025 18:42:54
A SQL Injection vulnerability exists in the product.php page of PuneethReddyHC Online Shopping System Advanced 1.0. This flaw is present in the product_id GET parameter, which is not properly validated before being included in a SQL statement.
CVE-2025-51971
- EPSS 0.05%
- Published 28.08.2025 00:00:00
- Last modified 09.09.2025 18:42:47
A reflected Cross-Site Scripting (XSS) vulnerability exists in register.php of PuneethReddyHC Online Shopping System Advanced 1.0. Unsanitized user input in the f_name parameter is reflected in the server response without proper HTML encoding or outp...
CVE-2025-51972
- EPSS 0.04%
- Published 28.08.2025 00:00:00
- Last modified 09.09.2025 18:42:32
A SQL Injection vulnerability exists in the login.php of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter.
CVE-2025-51970
- EPSS 0.02%
- Published 29.07.2025 00:00:00
- Last modified 13.11.2025 15:08:56
A SQL Injection vulnerability exists in the action.php endpoint of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter.
CVE-2024-40498
- EPSS 11.78%
- Published 05.08.2024 17:15:41
- Last modified 06.08.2024 16:30:24
SQL Injection vulnerability in PuneethReddyHC Online Shopping System Advanced v.1.0 allows an attacker to execute arbitrary code via register.php
CVE-2024-3579
- EPSS 0.39%
- Published 14.05.2024 16:17:32
- Last modified 21.11.2024 09:29:54
Open-source project Online Shopping System Advanced is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in the user's browser.