CVE Alert

CVE-2024-58316

HIGH 7.5

Online Shopping System Advanced 1.0 SQL Injection via Payment Success Parameter

CVSS Score 7.5
EPSS Score 0.0%
EPSS Percentile 0th

Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database information by manipulating the user ID parameter.

CWE CWE-89
Vendor puneethreddyhc
Product online-shopping-system-advanced
Published Dec 12, 2025
Last Updated Apr 7, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Affected Versions

PuneethReddyHC / online-shopping-system-advanced 1.0

References

exploit-db.com: https://www.exploit-db.com/exploits/51811
github.com: https://github.com/PuneethReddyHC/online-shopping-system-advanced
vulncheck.com: https://www.vulncheck.com/advisories/online-shopping-system-advanced-sql-injection-via-payment-success-parameter

Credits

Furkan Gedik