What is GHSA-38q9-6v4m-v3h3?

GHSA-38q9-6v4m-v3h3 is a security advisory published by GitHub Security Advisories with High severity. Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated...

Which CVE IDs does GHSA-38q9-6v4m-v3h3 cover?

GHSA-38q9-6v4m-v3h3 covers the following CVE IDs: CVE-2018-25342. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-38q9-6v4m-v3h3?

GHSA-38q9-6v4m-v3h3 has a CVSS v3 base score of 8.2, published by GitHub Security Advisories.

GHSA-38q9-6v4m-v3h3HighCVSS 8.2

Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated...

Vendor

GitHub Security Advisories

Published

May 26, 2026

Last Modified

May 26, 2026

🔗 CVE IDs covered (1)

CVE-2018-25342 →

📋 Description

Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP commands to extract sensitive database information including product details and system data.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2018-25342
https://github.com/smakosh/Smartshop/archive/master.zip
https://www.behance.net/gallery/49080415/Smartshop-Free-e-commerce-website
https://www.exploit-db.com/exploits/44823
https://www.vulncheck.com/advisories/smartshop-1-sql-injection-via-search-php
https://github.com/advisories/GHSA-38q9-6v4m-v3h3