CVE-2020-25362

HIGH

Online Shopping Alphaware - SQL Injection

Title source: rule

Description

The id paramater in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an Error-Based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve all databases.

Exploits (1)

exploitdb SCANNER

by Moaaz Taha · textwebappsphp

https://www.exploit-db.com/exploits/48771

View Code ZIP pw:eip

References (3)

[Third Party Advisory] https://www.sourcecodester.com/download-code?nid=14368&title=Online+Shopping+Alphaware+in+PHP%2FMysql

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/48771

[Third Party Advisory] https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html

Scores

CVSS v3 7.5

EPSS 0.0130

EPSS Percentile 79.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-89

Status published

Products (1)

online_shopping_alphaware_project/online_shopping_alphaware 1.0

Published Jun 02, 2021

Tracked Since Feb 18, 2026