Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Ashop Shopping Cart Software allows attackers to extract sensitive database info
CVE-2019-25391
Summary
Ashop Shopping Cart Software has a security flaw that lets attackers steal sensitive database information. If not fixed, this could allow hackers to access confidential data. You should update to the latest version of Ashop Shopping Cart Software to prevent this issue.
Original title
Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. Attackers can send P...
Original description
Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. Attackers can send POST requests to the admin/bannedcustomers.php endpoint with crafted SQL payloads using SLEEP functions to extract sensitive database information.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 22 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026