online-shopping-system-advanced 1.0
- https://github.com/PuneethReddyHC/online-shopping-system-advanced
The file register.php handles user registration. At line 117, the POST parameters "$address1" and "$address2" are not sanitized, unlike the e-mail, names and number. This leads to a SQL injection when the VALUES() statement is evaluated.
To exploit the vulnerability, send a POST request to the "register.php" file, adding an "address1" POST parameter with a SQL injection payload that escapes the statement context. Alternatively, an attacker can use the "sqlmap" utility to exploit the issue automatically.
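The fix is to bind every registration field, the two address fields included, as a statement parameter. The following is an added example, not code from the project: the table, column and array key names are hypothetical, and PDO with an in-memory SQLite database stands in for the application's database so the script runs offline. It puts the concatenated pattern described above beside the parameterized form, using a constructed, legitimate address that contains an apostrophe.

```php
<?php
// Added example, not code from the project. Table, column and key names are
// hypothetical; in-memory SQLite stands in for the application's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users_example (
    email TEXT, first_name TEXT, mobile TEXT, address1 TEXT, address2 TEXT)');

// Constructed sample input: a legitimate address containing an apostrophe.
$post = [
    'email'    => 'user@example.com',
    'f_name'   => 'Ann',
    'mobile'   => '5550100000',
    'address1' => "12 O'Connor Street",
    'address2' => 'Flat 3',
];

// Pattern the advisory describes: request values concatenated into VALUES().
function register_concatenated(PDO $db, array $p): bool
{
    $sql = "INSERT INTO users_example (email, first_name, mobile, address1, address2)
            VALUES ('{$p['email']}', '{$p['f_name']}', '{$p['mobile']}',
                    '{$p['address1']}', '{$p['address2']}')";
    try {
        $db->exec($sql);
        return true;
    } catch (PDOException $e) {
        // The apostrophe closed the string literal early, so the rest of the
        // address was parsed as SQL: user data is reaching the SQL parser.
        return false;
    }
}

// Hardened form: placeholders keep every field, addresses included, as data.
function register_prepared(PDO $db, array $p): bool
{
    $stmt = $db->prepare('INSERT INTO users_example
        (email, first_name, mobile, address1, address2) VALUES (?, ?, ?, ?, ?)');
    return $stmt->execute([$p['email'], $p['f_name'], $p['mobile'],
                           $p['address1'], $p['address2']]);
}

var_dump(register_concatenated($db, $post)); // concatenated INSERT
var_dump(register_prepared($db, $post));     // parameterized INSERT
echo $db->query('SELECT address1 FROM users_example')->fetchColumn(), "\n";
```

The same placeholder pattern is available in mysqli through prepare() and bind_param().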