SQL Injection Vulnerability in PuneethReddyHC Online Shopping System
CVE-2025-51970

7.7HIGH

Key Information:

Vendor: PuneethReddyHC
Status: Online Shopping System Advanced
Vendor: CVE Published:; 29 July 2025

🔔 Create PuneethReddyHC Vulnerability Alert

What is CVE-2025-51970?

A SQL Injection vulnerability has been identified in the action.php endpoint of PuneethReddyHC Online Shopping System Advanced 1.0. This issue arises from inadequate sanitization measures applied to user-supplied input in the keyword POST parameter, potentially exposing the system to unauthorized data manipulation and retrieval.

References

https://gist.github.com/im4x/10738ee219d69024387737fb14cd...

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2025
Vulnerability Reserved
Jun 16, 2025