Campcodes Retro Basketball Shoes Online Store faqs.php sql injection
CVE-2023-2204

7.5 HIGH

Key Information:

Vendor: Campcodes
CVE Published: 21 April 2023

What is CVE-2023-2204?

A vulnerability in Campcodes Retro Basketball Shoes Online Store 1.0 affects the file faqs.php, where improper handling of the 'id' parameter allows SQL injection. Remote attackers can exploit this weakness, potentially gaining unauthorized access to the database. Because the exploit has been publicly disclosed, users of affected versions should take immediate action to secure their systems.

Affected Version(s)

Retro Basketball Shoes Online Store 1.0

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)