SourceCodester Online Computer and Laptop Store manage.php save_inventory sql injection
CVE-2023-1954

8.8HIGH

Key Information:

Vendor

SourceCodester
Status
Online Computer and Laptop Store
Vendor
CVE Published:
8 April 2023

What is CVE-2023-1954?

A vulnerability in the SourceCodester Online Computer and Laptop Store version 1.0 allows for SQL injection through the 'save_inventory' function in the '/admin/product/manage.php' file. The exploitation of this vulnerability can be initiated remotely, potentially leading to unauthorized access to sensitive data. Due to public disclosure, this vulnerability is of particular concern, as attackers may leverage it to compromise the integrity of the application and its database.

Affected Version(s)

Online Computer and Laptop Store 1.0

References

https://vuldb.com/?id.225341
vdb-entrytechnical-description
https://vuldb.com/?ctiid.225341
signaturepermissions-required
https://github.com/boyi0508/Online-Computer-and-Laptop-St...
broken-linkexploitpatch

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

haicheng.zhang (VulDB User)
.