A security vulnerability has been officially documented in the Online Shopping System in PHP developed by Projectworlds. The issue is tracked under the identifier JVNDB-2025-017790 and concerns an injection-type flaw within the software.

Vulnerability Details

The Japan Vulnerability Notes (JVN) iPedia database has published an advisory detailing a vulnerability in the Projectworlds Online Shopping System in PHP. The official title of the report is “Projectworlds の Online Shopping System in PHP におけるインジェクションに関する脆弱性,” which translates to “Vulnerability concerning injection in Projectworlds’ Online Shopping System in PHP.” The flaw is classified as an injection vulnerability.

Official Reporting and Identification

The information regarding this security flaw was released by the Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) and the Information-technology Promotion Agency, Japan (IPA). The vulnerability has been assigned the unique identifier JVNDB-2025-017790 by the Japan Vulnerability Notes database. No further details regarding specific affected versions or exploitation methods have been provided in the initial public disclosure.

Source: http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2025-017790_AD_1.html