SourceCodester E-Commerce System setDiscount.php SQL injection
CVE-2023-1505
8.1 HIGH
Summary
A SQL injection vulnerability exists in SourceCodester E-Commerce System 1.0, in the admin settings file /ecommerce/admin/settings/setDiscount.php. By manipulating the 'id' parameter, an attacker may execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive data. The vulnerability is remotely exploitable, but the attack is complex, which makes successful exploitation challenging. The issue has been publicly disclosed, raising concerns about its potential use in malicious activities.
Affected Version(s)
E-Commerce System 1.0
CVSS V3.1
Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
WWesleywww (VulDB User)