GCVE - cpe:2.3:a:projectworlds:online_shopping

Approved changes feed: RSS · Atom

cpe:2.3:a:projectworlds:online_shopping_system:1.0:*:*:*:*:*:*:*

part: a version: 1.0 update: *

Vendor	Projectworlds (`1c49ba31-3767-5ff6-9610-c6dcb2aee835`)
Product	Online Shopping System (`f5d6f0b4-6dcd-55bb-9da5-f015657ca17b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-12215`	vulnerable	2026-06-03 14:58:43.988578	projectworlds Online Shopping System login_submit.php sql injection HIGH (7.3) A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /login_submit.php. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used. Published: 2025-10-27T04:02:12.489Z Updated: 2026-02-24T07:06:02.713Z Open on db.gcve.eu Reference links https://vuldb.com/?id.329885 https://vuldb.com/?ctiid.329885 https://vuldb.com/?submit.673302 https://github.com/juzidddd/SQL-Injection-Vulnerability-in-Projectworlds-PHP-Online-Shopping-System/issues/1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-11070`	vulnerable	2026-06-03 14:58:35.335603	Projectworlds Online Shopping System cart_add.php sql injection HIGH (7.3) A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cart_add.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used. Published: 2025-09-27T17:02:06.073Z Updated: 2025-09-29T19:27:13.940Z Open on db.gcve.eu Reference links https://vuldb.com/?id.326109 https://vuldb.com/?ctiid.326109 https://vuldb.com/?submit.659660 https://github.com/underatted/CVE/issues/5	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-43158`	vulnerable	2026-06-03 14:45:33.739127	Details available In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart. Published: 2021-12-22T17:27:07.000Z Updated: 2024-08-04T03:47:13.569Z Open on db.gcve.eu Reference links https://projectworlds.in/free-projects/php-projects/free-download-online-shopping-system/ https://github.com/projectworldsofficial/online-shopping-webvsite-in-php/issues/2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-43157`	vulnerable	2026-06-03 14:45:33.738689	Details available Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cart_remove.php. Published: 2021-12-22T17:28:20.000Z Updated: 2024-08-04T03:47:13.610Z Open on db.gcve.eu Reference links https://projectworlds.in/free-projects/php-projects/free-download-online-shopping-system/ https://github.com/projectworldsofficial/online-shopping-webvsite-in-php/issues/1	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Projectworlds Online Shopping System 1.0

PURL mappings

Vulnerability references

Contribute