CVE-2025-1956
https://code-projects.org/shopping-portal-using-php-source-code/
/Shopping/Admin/index.php
In the /Shopping/Admin/index.php file of Shopping Portal System, the username and password parameter is obtained, and the SQL statement is concatenated to the SQL statement without filtering the execution, resulting in SQL injection vulnerabilities and login as administrator
Code analysis
The two parameters of the login interface are not filtered, resulting in sql injection
admin' or 1=1-- -
Login to trigger the SQL injection vulnerability.
Result
