CVE-2024-58316

Sažetak

Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database information by manipulating the user ID parameter.

Reference

https://github.com/PuneethReddyHC/online-shopping-system-advanced
https://www.exploit-db.com/exploits/51811
https://www.vulncheck.com/advisories/online-shopping-system-advanced-sql-injection-via-payment-success-parameter

CVSS

Base:	7.5
Impact:	3.6
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

12-12-2025 - 21:15

Objavljeno

12-12-2025 - 21:15