从这个网页截图中,可以获取到以下关于漏洞的关键信息: CVE ID: CVE-2025-51969 Product: Online Shopping System Advanced Version: 1.0 Vendor: PuneethReddyMC/online-shopping-system-advanced Vulnerability Type: SQL Injection Vulnerable File: /online-shopping-system-advanced-master/product.php Vulnerable Parameter: product_id (GET) Discovered by: Jairaj Paryani Description A SQL Injection vulnerability exists in the parameter of the page. This flaw enables attackers to inject malicious SQL queries. Proof of Concept (PoC) Malicious URL: Error Response: This confirms the injection point. Exploitation with sqlmap: Impact Unauthorized data retrieval Modification or deletion of records Possible takeover of the application database Mitigation Use prepared statements and parameterized queries Sanitize inputs and enforce strict type checking References OWASP SQL Injection Guide Discoverer Jairaj Paryani