SourceCodester Online Computer and Laptop Store update_order_status sql injection
CVE-2023-1987

7.2HIGH

Key Information:

Vendor
SourceCodester
Status
Online Computer and Laptop Store
Vendor
CVE Published:
11 April 2023

Summary

A vulnerability exists in the SourceCodester Online Computer and Laptop Store version 1.0, specifically within the function responsible for updating order statuses. The flaw allows for SQL injection via manipulation of the 'id' argument, which can be exploited remotely. This vulnerability poses significant risks as it can enable attackers to execute unauthorized SQL commands, potentially leading to unauthorized access to sensitive data. Due to public disclosure of the exploit, immediate patching is recommended to mitigate risks associated with this vulnerability.

Affected Version(s)

Online Computer and Laptop Store 1.0

References

https://vuldb.com/?id.225535
vdb-entrytechnical-description
https://vuldb.com/?ctiid.225535
signaturepermissions-required
https://github.com/boyi0508/Online-Computer-and-Laptop-St...
broken-linkexploitpatch

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

muzishouchen (VulDB User)
.