SQL Injection Vulnerability in PuneethReddyHC Online Shopping System
CVE-2025-52021

9.8CRITICAL

Key Information:

Vendor: PuneethReddyHC
Status: Online Shopping System Advanced
Vendor: CVE Published:; 7 October 2025

🔔 Create PuneethReddyHC Vulnerability Alert

What is CVE-2025-52021?

A SQL Injection vulnerability exists in the edit_product.php file of the PuneethReddyHC Online Shopping System Advanced 1.0. The vulnerability arises from the improper handling of user input through the product_id GET parameter, which is passed directly into a SQL query without adequate validation or parameterization. This flaw could allow an attacker to manipulate the SQL queries executed by the application, potentially leading to unauthorized access to sensitive data or administrative functionality.

References

https://gist.github.com/hafizgemilang/c953d16c14594586671...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 7, 2025
Vulnerability Reserved
Jun 16, 2025

JSON