SQL Injection Vulnerability in Kashipara Ecommerce Website
CVE-2024-44653

6.5MEDIUM

Key Information:

Vendor: Kashipara
Status: Kashipara Ecommerce Website
Vendor: CVE Published:; 17 November 2025

What is CVE-2024-44653?

The Kashipara Ecommerce Website version 1.0 is vulnerable to a SQL Injection attack through the 'user_email' parameter in the 'user_login.php' script. This vulnerability allows unauthorized attackers to manipulate SQL queries by injecting malicious SQL code. If exploited, it could lead to unauthorized access to sensitive data, compromise of user accounts, and potential complete database control. Organizations using this software are advised to implement immediate security patches and review their application security practices.

References

https://www.kashipara.com/project/php/322/ecommerce-websi...

https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 17, 2025
Vulnerability Reserved
Aug 21, 2024

JSON