CVE-2024-58316

Online Shopping System Advanced 1.0 SQL Injection via Payment Success Parameter

CVSS 8.7 HIGHEPSS 0.5%CWE-89

Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database information by manipulating the user ID parameter.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

PuneethReddyHC · online-shopping-system-advanced

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/PuneethReddyHC/online-shopping-system-advanced https://www.exploit-db.com/exploits/51811 https://www.vulncheck.com/advisories/online-shopping-system-advanced-sql-injection-via-payment-success-parameter