CVE-2025-51969
MEDIUM EPSS 13.4%
Published Aug 28, 202510mo ago · Modified Jun 17, 20262w ago
6.5 CVSS 3.1
Published Aug 28, 2025 10mo ago
Last Modified Jun 17, 2026 2w ago
Description
A SQL Injection vulnerability exists in the product.php page of PuneethReddyHC Online Shopping System Advanced 1.0. This flaw is present in the product_id GET parameter, which is not properly validated before being included in a SQL statement.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability None
Threat Intelligence
EPSS Exploit Probability
13.4% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-89 SQL Injection Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| puneethreddyhc | online_shopping_system_advanced | 1.0 | any |
References 1
- github.com https://github.com/jairajparyani/CVE-s/blob/main/CVE-2025-51969%20%E2%80%93%20SQL%20Injection%20in%20Online%20Shopping%20System%20Advanced
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.