CVE-2025-4173 MEDIUM

CVE-2025-4173: SourceCodester Online Eyewear Shop Master.php delete_cart sql injection

Vendor Sourcecodester
Product Online Eyewear Shop
Weakness CWE-89 · SQLi
Published May 1, 2025
Last update May 2, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is the function delete_cart of the file /oews/classes/Master.php?f=delete_cart. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

May 1, 2025 CVE published
May 2, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-54720 WordPress Nest Addons Plugin <= 1.6.3 - SQL Injection Vulnerability CVE-2026-7407 SourceCodester Pizzafy Ecommerce System Setting ajax.php save_settings sql injection CVE-2025-23911 WordPress Solidres – Hotel booking plugin for WordPress Plugin <= 0.9.4 - SQL Injection vulnerability CVE-2019-25218 Photo Gallery Slideshow & Masonry Tiled Gallery <= 1.0.3 - Authenticated (Admin+) SQL Injection CVE-2014-125076 NoxxieNl Criminals roulette.php sql injection