CVE-2025-11628 MEDIUM

CVE-2025-11628: jimit105 Project-Online-Shopping-Website Product Inventory delete.php sql injection

Vendor Jimit105

Product Project-Online-Shopping-Website

Weakness CWE-89 · SQLi

Published October 12, 2025

Last update October 17, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A flaw has been found in jimit105 Project-Online-Shopping-Website up to 7d892f442bd8a96dd242dbe2b9bd5ed641e13e64. This affects an unknown function of the file /delete.php of the component Product Inventory Handler. This manipulation of the argument product_code causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

October 12, 2025 CVE published

October 17, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-11628

Related vulnerabilities

Identifiers

CVE CVE-2025-11628

CWE CWE-89

CVSS 5.1 / MEDIUM

Affected versions