SourceCodester Online Computer and Laptop Store User Registration login.php SQL injection
CVE-2023-1955

7.3 HIGH

Key Information:

Vendor
CVE Published: 8 April 2023

What is CVE-2023-1955?

A SQL injection vulnerability exists in the SourceCodester Online Computer and Laptop Store's User Registration component. This flaw is found within the login.php file, where improper handling of the email parameter allows an attacker to manipulate SQL queries. The vulnerability can be exploited remotely, potentially compromising sensitive data and leading to unauthorized access. As the exploit has been publicly disclosed, it poses significant risks for users and administrators of the platform.

Affected Version(s)

Online Computer and Laptop Store 1.0

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

haicheng.zhang (VulDB User)