← volver
CVE-2024-58316

Online Shopping System Advanced 1.0 SQL Injection via Payment Success Parameter

CVSS 8.7 HIGHEPSS 0.5%CWE-89
Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database information by manipulating the user ID parameter.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
PuneethReddyHC · online-shopping-system-advanced

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/PuneethReddyHC/online-shopping-system-advancedhttps://www.exploit-db.com/exploits/51811https://www.vulncheck.com/advisories/online-shopping-system-advanced-sql-injection-via-payment-success-parameter