SQL Injection Vulnerability in Product Inventory Handler of jimit105 Online Shopping Website
CVE-2025-11628

5.1MEDIUM

Key Information:

Vendor: Jimit105
Status: Project-online-shopping-website
Vendor: CVE Published:; 12 October 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-11628?

The jimit105 Project-Online-Shopping-Website contains a vulnerability that allows SQL injection through the 'product_code' parameter in the /delete.php file of the Product Inventory Handler component. This flaw enables malicious actors to manipulate SQL queries, potentially leading to unauthorized data exposure and other security breaches. The vulnerability can be exploited remotely, and details regarding affected versions are limited due to the vendor's lack of response to the disclosure. Continuous delivery practices mean that updates are rolled out regularly, making it critical for users to remain vigilant about potential exposure.

Affected Version(s)

Project-Online-Shopping-Website 7d892f442bd8a96dd242dbe2b9bd5ed641e13e64

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-11628 - Proof of Concept

References

https://vuldb.com/?id.328040

vdb-entrytechnical-description

https://vuldb.com/?ctiid.328040

signaturepermissions-required

https://vuldb.com/?submit.664647

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Oct 12, 2025
👾
Exploit known to exist
Oct 12, 2025
Vulnerability published
Oct 12, 2025
Vulnerability Reserved
Oct 11, 2025

Credit

mahushuai (VulDB User)

JSON

Jimit105