A SQL Injection vulnerability exists in the login.php of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter.

CVE Database V5

Detailed information about CVE-2025-51972: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-51972: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-51972: n/a

A reflected Cross-Site Scripting (XSS) vulnerability exists in register.php of PuneethReddyHC Online Shopping System Advanced 1.0. Unsanitized user input in the f_name parameter is reflected in the server response without proper HTML encoding or output escaping. This allows remote attackers to inject arbitrary JavaScript code.

Detailed information about CVE-2025-51971: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-51971: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-51971: n/a

A SQL Injection vulnerability exists in the product.php page of PuneethReddyHC Online Shopping System Advanced 1.0. This flaw is present in the product_id GET parameter, which is not properly validated before being included in a SQL statement.

CVE-2025-51969 is a SQL Injection vulnerability identified in the product.php page of the PuneethReddyHC Online Shopping System Advanced 1.0. The vulnerability arises from improper validation of the product_id parameter passed via the GET method. This parameter is directly incorporated into a SQL query without adequate sanitization or use of parameterized queries, allowing an attacker to inject malicious SQL code. Exploiting this flaw could enable an attacker to manipulate the backend database queries, potentially leading to unauthorized data access, data modification, or even deletion. The lack of input validation means that crafted input could alter the intended SQL command structure, bypassing application logic and security controls. Although no known exploits are currently reported in the wild, the vulnerability's presence in an e-commerce platform makes it a significant risk, as attackers often target such systems for financial gain or data theft. The absence of a CVSS score limits precise severity quantification, but the nature of SQL Injection vulnerabilities typically implies a high risk due to their potential impact and ease of exploitation. No patches or mitigations have been officially published yet, and the affected version is specified as 1.0 without further detail on other versions. The vulnerability was reserved in June 2025 and published in August 2025, indicating recent discovery and disclosure.

Detailed information about CVE-2025-51969: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-51969: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-51969: n/a

A SQL Injection vulnerability exists in the action.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The application fails to properly sanitize user-supplied input in the proId POST parameter, allowing attackers to inject arbitrary SQL expressions.

CVE-2025-51968 is a SQL Injection vulnerability identified in the action.php file of the PuneethReddyHC Online Shopping System Advanced version 1.0. The vulnerability arises because the application does not properly sanitize user-supplied input in the 'proId' POST parameter. This improper input validation allows an attacker to inject arbitrary SQL expressions into the backend database queries. SQL Injection vulnerabilities enable attackers to manipulate database queries, potentially leading to unauthorized data access, data modification, or deletion. In some cases, attackers can escalate privileges, bypass authentication, or execute administrative operations on the database. Since the vulnerability is located in a critical component handling product identification, exploitation could allow attackers to extract sensitive customer data, alter product information, or disrupt the e-commerce platform's normal operations. Although no known exploits are currently reported in the wild and no CVSS score has been assigned, the nature of SQL Injection vulnerabilities inherently poses a significant risk. The lack of a patch or mitigation details indicates that the vulnerability remains unaddressed, increasing the urgency for affected organizations to implement protective measures. The vulnerability's technical details confirm it was reserved in mid-2025 and published in August 2025, indicating it is a recent discovery.

Detailed information about CVE-2025-51968: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-51968: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-51968: n/a

A Reflected Cross-site Scripting (XSS) vulnerability exists in the themeSet.php file of ProjectsAndPrograms School Management System 1.0. The application fails to sanitize user-supplied input in the theme POST parameter, allowing an attacker to inject and execute arbitrary JavaScript in a victim's browser.

CVE-2025-51967 is a Reflected Cross-site Scripting (XSS) vulnerability identified in the themeSet.php file of the ProjectsAndPrograms School Management System version 1.0. This vulnerability arises because the application fails to properly sanitize user-supplied input in the 'theme' POST parameter. As a result, an attacker can inject malicious JavaScript code that is reflected back to the victim's browser and executed in the context of the vulnerable web application. Reflected XSS attacks typically require the victim to click on a crafted link or submit a specially formed request, which then causes the malicious script to run. This can lead to session hijacking, credential theft, defacement, or redirection to malicious sites. The vulnerability affects the web interface of the school management system, which is likely used by students, teachers, and administrative staff to manage educational activities and data. No specific affected versions beyond 1.0 are listed, and no patches or known exploits in the wild have been reported as of the publication date. The absence of a CVSS score indicates that the vulnerability has not yet been fully assessed for severity, but the technical nature of reflected XSS is well understood in cybersecurity communities.

Detailed information about CVE-2025-51967: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-51967: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-51967: n/a

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vikingjs Goal Tracker for Patreon allows Stored XSS. This issue affects Goal Tracker for Patreon: from n/a through 0.4.6.

Detailed information about CVE-2025-48305: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in vikingjs Goal Tracker 