SourceCodester Online Computer and Laptop Store GET Parameter sql injection
CVE-2023-2242

8.8HIGH

Key Information:

Vendor

SourceCodester
Status
Online Computer and Laptop Store
Vendor
CVE Published:
22 April 2023

What is CVE-2023-2242?

A vulnerability exists within SourceCodester's Online Computer and Laptop Store 1.0, specifically relating to its GET Parameter Handler component. By manipulating the argument 'c/s', an attacker is able to execute SQL injection attacks, which can be executed remotely. This vulnerability reveals a critical oversight in input validation, allowing unauthorized access and exploitation of the application's database framework. Security measures and patches are urgently recommended to mitigate associated risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Online Computer and Laptop Store 1.0

References

https://vuldb.com/?id.227227
vdb-entrytechnical-description
https://vuldb.com/?ctiid.227227
signaturepermissions-required
https://docs.google.com/document/d/1GZt9MKB2K-nDrg0cnrnU6...
exploit

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

T4y1oR_Xu (VulDB User)
JSON
.