CVE-2025-51970

A SQL Injection vulnerability exists in the action.php endpoint of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter.

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gist.github.com/im4x/10738ee219d69024387737fb14cdba9f	Exploit Third Party Advisory
https://github.com/jairajparyani/CVE-s/blob/main/CVE-2025-51970%20%E2%80%93%20SQL%20Injection%20Vulnerability%20in%20Online%20Shopping%20System%20Advanced	Exploit Mitigation Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:puneethreddyhc:online_shopping_system_advanced:1.0:*:*:*:*:*:*:*

History

13 Nov 2025, 15:08

Type	Values Removed	Values Added
References	~~() https://github.com/jairajparyani/CVE-s/blob/main/CVE-2025-51970%20%E2%80%93%20SQL%20Injection%20Vulnerability%20in%20Online%20Shopping%20System%20Advanced -~~	() https://github.com/jairajparyani/CVE-s/blob/main/CVE-2025-51970%20%E2%80%93%20SQL%20Injection%20Vulnerability%20in%20Online%20Shopping%20System%20Advanced - Exploit, Mitigation, Third Party Advisory

Information

Published : 2025-07-29 15:15

Updated : 2025-11-13 15:08

NVD link : CVE-2025-51970

Mitre link : CVE-2025-51970

CVE.ORG link : CVE-2025-51970

JSON object : View

Products Affected

puneethreddyhc

online_shopping_system_advanced

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

7.7 /10