CVE-2024-58316 HIGH

CVE-2024-58316: Online Shopping System Advanced 1.0 SQL Injection via Payment Success Parameter

Vendor Puneethreddyhc

Product online-shopping-system-advanced

Weakness CWE-89 · SQLi

Published December 12, 2025

Last update April 7, 2026

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database information by manipulating the user ID parameter.

Key dates

02Disclosure timeline

December 12, 2025 CVE published

April 7, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-58316

Related vulnerabilities

04Related CVE

CVE-2026-5665 code-projects Online FIR System Login checklogin.php sql injection CVE-2024-11646 1000 Projects Beauty Parlour Management System edit-services.php sql injection CVE-2024-7117 MD-MAFUJUL-HASAN Online-Payroll-Management-System shift_viewmore.php sql injection CVE-2024-10845 1000 Projects Bookstore Management System book_detail.php sql injection CVE-2025-10142 PagBank / PagSeguro Connect para WooCommerce <= 4.44.3 - Authenticated (Shop Manager+) SQL Injection