SourceCodester Simple and Beautiful Shopping Cart System delete_user_query.php SQL injection
CVE-2023-1940
9.1 CRITICAL
What is CVE-2023-1940?
A SQL injection vulnerability has been identified in the Simple and Beautiful Shopping Cart System developed by SourceCodester. The issue arises from insufficient validation of the user_id parameter in the delete_user_query.php file, which allows remote attackers to execute arbitrary SQL commands. Because the potential for exploiting this vulnerability is publicly known, unauthorized access to sensitive user data is a serious risk. The issue should therefore be addressed promptly.
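The check below is an added example for defenders, not code from SourceCodester or from this advisory: it scans web-server access logs for requests to delete_user_query.php whose user_id is missing, repeated or not a plain integer. It assumes Combined Log Format and that user_id arrives in the query string; the /admin/ path, the integer-only rule and all sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Combined Log Format); not real traffic.
# The /admin/ prefix is an assumption; matching is done on the script name only.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Apr/2023:10:00:01 +0000] "GET /admin/delete_user_query.php?user_id=7 HTTP/1.1" 302 0
203.0.113.9 - - [10/Apr/2023:10:00:07 +0000] "GET /admin/delete_user_query.php?user_id=7%27 HTTP/1.1" 500 0
203.0.113.9 - - [10/Apr/2023:10:00:09 +0000] "GET /admin/delete_user_query.php?user_id=7%20OR%201%3D1 HTTP/1.1" 302 0
198.51.100.2 - - [10/Apr/2023:10:01:00 +0000] "GET /index.php?user_id=abc HTTP/1.1" 200 512
"""

# client, identd, user, [timestamp], "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')

# Assumption: a legitimate user_id is a short run of decimal digits.
VALID_ID_RE = re.compile(r"[0-9]{1,10}")


def suspicious_requests(log_text):
    """Return (client, timestamp, decoded user_id values) for every request to
    delete_user_query.php whose user_id is missing, repeated or non-integer."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line we understand
        client, when, _method, target = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/delete_user_query.php"):
            continue  # other scripts are out of scope for this check
        # parse_qs percent-decodes values, so encoded quotes and spaces are
        # compared in the form the PHP script would receive them.
        values = parse_qs(url.query, keep_blank_values=True).get("user_id", [])
        if len(values) != 1 or not VALID_ID_RE.fullmatch(values[0]):
            findings.append((client, when, values))
    return findings


if __name__ == "__main__":
    for client, when, values in suspicious_requests(SAMPLE_LOG):
        print(f"{when} {client} user_id={values!r}")
```

Requests that send user_id in a POST body do not appear in standard access logs, so the same integer-only rule would have to be applied at a WAF or in the application itself to cover them.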
Affected Version(s)
Simple and Beautiful Shopping Cart System 1.0