关键漏洞信息 Title: SourceCodester Online Shop Project V1.0 SQL Injection Description: - A critical SQL injection vulnerability was found in the "/action.php" file during the security review of "Online Shop Project". - The vulnerability arises from insufficient user input validation of the 'search' parameter, allowing attackers to inject malicious SQL queries. - This can lead to unauthorized database access, data modification or deletion, and access to sensitive information. Source: https://github.com/xiaojuzirr/cve/issues/4 User: xiaojuzirr (UID 91878) Submission Date: 11/13/2025 09:57 AM Moderation Date: 11/19/2025 08:21 PM Status: Accepted VulDB Entry: 333021 [SourceCodester Online Shop Project 1.0 /action.php Search sql injection] Points: 20