Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Ashop Shopping Cart Software lets attackers steal database secrets
CVE-2019-25507
Summary
Ashop Shopping Cart Software has a security weakness that allows hackers to steal sensitive information from the database without needing a password. This means that an attacker could get access to information they shouldn't have, including customer details. To stay safe, update the Ashop software to the latest version to fix this issue.
Original title
Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. Attacke...
Original description
Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. Attackers can send GET requests to index.php with malicious 'shop' values using UNION-based SQL injection to extract sensitive database information.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026