PSS Sale.com SQL Injection Vulnerability in Cancel Order Endpoint
Vulnerability
A SQL injection vulnerability has been identified in PSS Sale.com version 1.0. The issue arises in the 'id' parameter of the '/userfiles/php/cancel_order.php' endpoint, where insufficient input validation allows remote attackers to execute arbitrary SQL commands. Exploitation could lead to unauthorized information disclosure and potentially to code execution.
Impact
Exploitation of this vulnerability allows attackers to manipulate database queries. This could result in unauthorized data access, data modification, or, in some cases, execution of arbitrary code on the server.
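To check whether the endpoint has received malformed 'id' values, the following added example (not code from PSS Sale.com or from this advisory) scans web access logs for requests to '/userfiles/php/cancel_order.php' whose 'id' is not a plain integer. It assumes a common/combined log format, that 'id' arrives in the query string, and that legitimate order ids are decimal integers; the log lines are constructed samples.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter named in the advisory.
ENDPOINT = "/userfiles/php/cancel_order.php"
PARAM = "id"

# Assumption: access log in common/combined format, request line in quotes.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: a legitimate order id is a short decimal integer.
VALID_ID_RE = re.compile(r"[0-9]{1,18}")

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /userfiles/php/cancel_order.php?id=42 HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /userfiles/php/cancel_order.php?id=42%27 HTTP/1.1" 500 0',
    '198.51.100.9 - - [01/Jan/2024:10:00:06 +0000] "GET /userfiles/php/cancel_order.php?id=42%20OR%201%3D1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?id=abc HTTP/1.1" 200 128',
]


def suspicious_ids(log_lines):
    """Return (line_number, decoded_value) for every request to ENDPOINT
    whose PARAM value is not a plain decimal integer."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        # Normalise so /userfiles/php/./cancel_order.php is not missed.
        if posixpath.normpath(unquote(url.path)) != ENDPOINT:
            continue
        # parse_qs percent-decodes; keep_blank_values also reports "id=".
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if not VALID_ID_RE.fullmatch(value):
                hits.append((lineno, value))
    return hits


if __name__ == "__main__":
    for lineno, value in suspicious_ids(SAMPLE_LOG):
        print(f"line {lineno}: non-numeric {PARAM} value {value!r}")
```

Access logs normally omit request bodies, so if the application submits 'id' via POST the same check has to run on WAF or application-level request logs instead.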
