SQL Injection Vulnerability in Online Shopping Portal by PhpGurukul
CVE-2021-37807

7.5HIGH

Key Information:

Vendor: PHPgurukul
Status: Online Shopping Portal
Vendor: CVE Published:; 27 October 2021

Summary

The Online Shopping Portal 3.1 by PhpGurukul contains an SQL Injection vulnerability that affects the '/check_availability.php' endpoint. By manipulating the 'email' parameter, an unauthorized user can potentially access sensitive data or perform unauthorized actions within the system. This issue allows for the exploitation of the database through crafted inputs, underscoring the importance of validating and sanitizing user inputs to enhance the security posture of the application.

References

https://packetstormsecurity.com/files/163574/Online-Shopp...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 27, 2021
Vulnerability Reserved
Aug 2, 2021