Li Shudong

6 exploits Active since Sep 2024
CVE-2024-8416 WRITEUP MEDIUM WRITEUP
SourceCodester Food Ordering Management System 1.0 - SQL Injection
A vulnerability was found in SourceCodester Food Ordering Management System 1.0. It has been classified as critical. This affects an unknown part of the file /routers/ticket-status.php. The manipulation of the argument ticket_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2025-11509 WRITEUP MEDIUM WRITEUP
E-Commerce Website 1.0 - SQL Injection via prod_name Parameter
A vulnerability was detected in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/product_add.php. Performing manipulation of the argument prod_name results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.
CVSS 6.3
CVE-2025-11511 WRITEUP MEDIUM WRITEUP
code-projects E-Commerce Website 1.0 - SQL Injection via supp_email Parameter
A flaw has been found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/supplier_add.php. Executing manipulation of the argument supp_email can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
CVSS 6.3
CVE-2025-11596 WRITEUP HIGH WRITEUP
E-Commerce Website 1.0 - SQL Injection via order_id Parameter in delete_order_details.php
A vulnerability was determined in code-projects E-Commerce Website 1.0. The affected element is an unknown function of the file /pages/delete_order_details.php. Executing manipulation of the argument order_id can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 7.3
CVE-2025-11597 WRITEUP MEDIUM WRITEUP
E-Commerce Website 1.0 - SQL Injection via prod_id Parameter in product_add_qty.php
A vulnerability was identified in code-projects E-Commerce Website 1.0. The impacted element is an unknown function of the file /pages/product_add_qty.php. The manipulation of the argument prod_id leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
CVSS 6.3
CVE-2025-11615 WRITEUP HIGH WRITEUP
Best Salon Management System 1.0 - SQL Injection via ServiceId Parameter
A security flaw has been discovered in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/add_invoice.php. Performing manipulation of the argument ServiceId results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
CVSS 7.3