A flaw has been found in Jimit105 Project-Online-Shopping-Website up to version 7d892f442bd8a96dd242dbe2b9bd5ed641e13e64. This affects an unknown function of the file /delete.php of the component Product Inventory Handler. Manipulation of the argument product_code allows for SQL injection, enabling remote attack initiation. The exploit has been made public. As the product follows a rolling release model, specific version details for affected or updated releases are not available. The vendor was contacted early about this disclosure but did not respond.
CVE-2025-11628
🟡 Medium
CVE-2025-11628: SQL Injection Vulnerability in Jimit105 Project-Online-Shopping-Website
CVE-2025-11628 identifies a SQL injection vulnerability in Jimit105 Project-Online-Shopping-Website affecting the Product Inventory Handler.
CVE ID
CVE-2025-11628
CVSS Score
4.7
Vendor
unknown
Published
Oct 12
Vulnerability Details
- CVE ID
- CVE-2025-11628
- Severity
- Medium
- CVSS v3 Score
- 4.7 / 10.0
- Affected Vendor
- unknown
- Publication Date
- October 12, 2025
External Resources
Need Help?
Protect your infrastructure with our comprehensive security scanning tools.
Explore Security Scanners