Critical Vulnerability Information

Title: SourceCodester Online Shop Project V1.0 SQL Injection

Description:
- A critical SQL injection vulnerability was discovered in the "/action.php" file during the security review of the "Online Shop Project".
- The vulnerability stems from inadequate validation of user input for the 'search' parameter, enabling attackers to inject malicious SQL queries.
- This may result in unauthorized database access, data modification or deletion, and exposure of sensitive information.

Source: https://github.com/xiaojuzirr/cve/issues/4
User: xiaojuzirr (UID 91878)
Submission Date: 11/13/2025 09:57 AM
Moderation Date: 11/19/2025 08:21 PM
Status: Accepted
VulDB Entry: 333021 [SourceCodester Online Shop Project 1.0 /action.php Search sql injection]
Points: 20