SourceCodester Online Eyewear Shop HTTP POST Request update_cart sql injection
CVE-2023-0686

5MEDIUM

Key Information:

Vendor: Sourcecodester
Status: Online Eyewear Shop
Vendor: CVE Published:; 6 February 2023

🔔 Create Sourcecodester Vulnerability Alert

What is CVE-2023-0686?

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The identifier VDB-220245 was assigned to this vulnerability.

Affected Version(s)

Online Eyewear Shop 1.0

References

https://vuldb.com/?id.220245

vdb-entrytechnical-description

https://vuldb.com/?ctiid.220245

signature

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 6, 2023
Vulnerability Reserved
Feb 6, 2023

Credit

Pierfrancesco Conti