CVE-2024-11059

Summary

A vulnerability was found in Project Worlds Free Download Online Shopping System up to 192.168.1.88. It has been rated as critical. This issue affects some unknown processing of the file /online-shopping-webvsite-in-php-master/success.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
Project WorldsFree Download Online Shopping System0.3affected
Project WorldsFree Download Online Shopping System0.5affected
Project WorldsFree Download Online Shopping System0.8affected
Project WorldsFree Download Online Shopping System0.9affected
Project WorldsFree Download Online Shopping System1.0affected
Project WorldsFree Download Online Shopping System1.1affected
Project WorldsFree Download Online Shopping System5.0affected
Project WorldsFree Download Online Shopping System10.0affected
Project WorldsFree Download Online Shopping System46.0affected
Project WorldsFree Download Online Shopping System192.168.1.88affected

Weaknesses

  • CWE-89: SQL Injection
  • CWE-74: Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References