SourceCodester Moosikay E-Commerce System POST Parameter order.php SQL injection
CVE-2023-0997

8.8 HIGH

Key Information:

Vendor
CVE Published: 24 February 2023

Summary

A vulnerability has been identified in the Moosikay E-Commerce System version 1.0, in the handling of POST parameters by the file /Moosikay/order.php. Manipulating the 'username' argument leads to SQL injection, and the attack can be launched remotely. The vulnerability exposes the system to unauthorized data access and manipulation, so users of the platform should give it immediate attention and remediate it.

Affected Version(s)

Moosikay E-Commerce System 1.0

References

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

jidle (VulDB User)