Agri Trading Online Shopping System
SQL injection in the Agri Trading Online Shopping System 1.0 admin panel allows unauthenticated remote attackers to manipulate product parameters and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects the HTTP POST request handler in admin/productcontroller.php and enables data exfiltration, modification, and potential denial of service.
A vulnerability was found in itsourcecode Agri-Trading Online Shopping System up to 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/suppliercontroller.php. Manipulation of the argument supplier leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-6489 is a critical SQL injection vulnerability in itsourcecode Agri-Trading Online Shopping System version 1.0, affecting the /transactionsave.php file through the 'del' parameter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL commands, potentially compromising confidentiality, integrity, and availability of the application database. Public disclosure of this vulnerability exists, and exploitation is feasible without authentication or user interaction.