SourceCodester E-Commerce System Username access control
CVE-2023-1557

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: E-Commerce System
Vendor: CVE Published:; 22 March 2023

Summary

A vulnerability exists in the SourceCodester E-Commerce System's Username Handler, specifically within the /ecommerce/admin/user/controller.php file. This issue arises from improper access controls that allow an attacker to manipulate the USERID argument. Such manipulation may enable unauthorized actions on the system, potentially leading to significant security breaches. The attack can be executed remotely, which amplifies the risk for organizations utilizing this software.

Affected Version(s)

E-Commerce System 1.0

References

https://vuldb.com/?id.223550

vdb-entrytechnical-description

https://vuldb.com/?ctiid.223550

signature

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 22, 2023
Vulnerability Reserved
Mar 22, 2023

Credit

WWesleywww (VulDB User)