CVE-2021-43158 - Vulnerability Details - OpenCVE

In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00113.

Key SSVC decision points have not yet been added.

Vendors	Products
Projectworlds	Online Shopping System

Configuration 1 [-]

cpe:2.3:a:projectworlds:online_shopping_system:1.0:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2021-30105	In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/projectworldsofficial/online-shopping-webvsite-in-php/issues/2
https://projectworlds.in/free-projects/php-projects/free-download-online-shopping-system/

History

Wed, 29 Oct 2025 16:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Projectworlds online Shopping System
CPEs	cpe:2.3:a:projectworlds:online_shopping_system_in_php:1.0:::::::*	cpe:2.3:a:projectworlds:online_shopping_system:1.0:::::::*
Vendors & Products	Projectworlds online Shopping System In Php	Projectworlds online Shopping System

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-12-22T17:27:07

Updated: 2024-08-04T03:47:13.569Z

Reserved: 2021-11-01T00:00:00

Link: CVE-2021-43158

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-12-22T18:15:07.687

Modified: 2025-10-29T16:38:11.637

Link: CVE-2021-43158

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-22T17:27:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://projectworlds.in/free-projects/php-projects/free-download-online-shopping-system/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/projectworldsofficial/online-shopping-webvsite-in-php/issues/2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-43158", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://projectworlds.in/free-projects/php-projects/free-download-online-shopping-system/", "refsource": "MISC", "url": "https://projectworlds.in/free-projects/php-projects/free-download-online-shopping-system/"}, {"name": "https://github.com/projectworldsofficial/online-shopping-webvsite-in-php/issues/2", "refsource": "MISC", "url": "https://github.com/projectworldsofficial/online-shopping-webvsite-in-php/issues/2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:47:13.569Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://projectworlds.in/free-projects/php-projects/free-download-online-shopping-system/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/projectworldsofficial/online-shopping-webvsite-in-php/issues/2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-43158", "datePublished": "2021-12-22T17:27:07", "dateReserved": "2021-11-01T00:00:00", "dateUpdated": "2024-08-04T03:47:13.569Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:projectworlds:online_shopping_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B310FEE-BFE3-4D4A-96F0-C4B7345B115F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart."}, {"lang": "es", "value": "En ProjectWorlds Online Shopping System PHP versi\u00f3n 1.0, una vulnerabilidad de tipo CSRF en el archivo cart_remove.php permite a un atacante remoto eliminar cualquier producto del carrito del cliente"}], "id": "CVE-2021-43158", "lastModified": "2025-10-29T16:38:11.637", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-22T18:15:07.687", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/projectworldsofficial/online-shopping-webvsite-in-php/issues/2"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://projectworlds.in/free-projects/php-projects/free-download-online-shopping-system/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/projectworldsofficial/online-shopping-webvsite-in-php/issues/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://projectworlds.in/free-projects/php-projects/free-download-online-shopping-system/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}