SourceCodester Online Eyewear Shop HTTP POST Request update_cart sql injection
CVE-2023-0686

5MEDIUM

Key Information:

Vendor: Sourcecodester
Status: Online Eyewear Shop
Vendor: CVE Published:; 6 February 2023

🔔 Create Sourcecodester Vulnerability Alert

What is CVE-2023-0686?

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The identifier VDB-220245 was assigned to this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Online Eyewear Shop 1.0

References

https://vuldb.com/?id.220245

vdb-entrytechnical-description

https://vuldb.com/?ctiid.220245

signature

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 6, 2023
Vulnerability Reserved
Feb 6, 2023

Credit

Pierfrancesco Conti

pcontiCP (VulDB User)

JSON

Sourcecodester