SourceCodester E-Commerce System setDiscount.php SQL Injection
CVE-2023-1505
8.1 HIGH
What is CVE-2023-1505?
A SQL injection vulnerability exists in SourceCodester E-Commerce System 1.0, specifically in the admin settings file /ecommerce/admin/settings/setDiscount.php. By manipulating the 'id' parameter, an attacker may execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive data. The vulnerability can be exploited remotely, but the attack is complex, which makes successful exploitation challenging. The issue has been publicly disclosed, raising concerns about its potential use in malicious activities.
Affected Version(s)
E-Commerce System 1.0
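
For defenders reviewing web-server logs, the following Python script is an added example (not part of the advisory or of the vendor's code) that flags requests to setDiscount.php whose 'id' value is not a plain integer. It assumes that 'id' is expected to be numeric, that it arrives in the query string, and that logs use the common/combined format; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter name come from the advisory text.
TARGET_PATH = "/ecommerce/admin/settings/setDiscount.php"
PARAM = "id"

# Request portion of a common/combined log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_id_values(log_line):
    """Return the decoded 'id' values in a request to setDiscount.php that
    are not plain decimal integers; empty list if none or no match."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith(TARGET_PATH.lower()):
        return []
    # parse_qs percent-decodes values and keeps repeated parameters.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    # Assumption: a legitimate id is a short run of digits.
    return [v for v in values if not re.fullmatch(r"[0-9]{1,10}", v)]

def scan(lines):
    """Yield (line_number, client_ip, bad_values) for each flagged line."""
    for n, line in enumerate(lines, 1):
        bad = suspicious_id_values(line)
        if bad:
            yield n, line.split(" ", 1)[0], bad

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [20/Mar/2023:10:01:02 +0000] "GET /ecommerce/admin/settings/setDiscount.php?id=12 HTTP/1.1" 200 512',
    '203.0.113.9 - - [20/Mar/2023:10:01:05 +0000] "GET /ecommerce/admin/settings/setDiscount.php?id=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 498',
    '203.0.113.9 - - [20/Mar/2023:10:01:09 +0000] "GET /ecommerce/index.php?id=abc HTTP/1.1" 200 2048',
    '198.51.100.7 - - [20/Mar/2023:10:02:11 +0000] "GET /ecommerce/admin/settings/setDiscount.php?id=7&id=7-- HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for n, ip, bad in scan(SAMPLE_LOG):
        print(f"line {n}: {ip} sent non-numeric id {bad!r}")
```

Requests that carry 'id' in a POST body do not appear in standard access logs, so the same check would need to run at a WAF or in application logging to cover them.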