CVE Details
Basic Information
| Title | itsourcecode Agri-Trading Online Shopping System transactionsave.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-22T18:31:05.987Z |
| Last Seen |
Product Information
| Vendor | itsourcecode |
|---|---|
| Product | Agri-Trading Online Shopping System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A SQL injection vulnerability in the Agri-Trading Online Shopping System version 1.0 allows remote attackers to inject malicious SQL code by manipulating the ‘del’ argument in the transactionsave.php file. This could lead to unauthorized data access or modification. |
|---|---|
| AI Severity | Medium |
| Vendor | itsourcecode |
| Product | Agri-Trading Online Shopping System |
| Affected Version | 1.0 |
Affected Products
- itsourcecode Agri-Trading Online Shopping System 1.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family |
References
Description
A vulnerability has been found in itsourcecode Agri-Trading Online Shopping System 1.0 and classified as critical. This vulnerability affects unknown code of the file /transactionsave.php. The manipulation of the argument del leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.