SourceCodester Online Eyewear Shop GET Parameter update_status.php sql injection
CVE-2023-2244

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Online Eyewear Shop
Vendor
CVE Published:
22 April 2023

Summary

A vulnerability has been detected in the SourceCodester Online Eyewear Shop version 1.0, specifically within the GET Parameter Handler of the /admin/orders/update_status.php file. This vulnerability is triggered through improper handling of the 'id' argument, allowing attackers to execute SQL injection attacks remotely. The implications of this vulnerability could lead to unauthorized data manipulation or access. The details have been publicly disclosed, which raises the risk of exploitation.

Affected Version(s)

Online Eyewear Shop 1.0

References

https://vuldb.com/?id.227229
vdb-entrytechnical-description
https://vuldb.com/?ctiid.227229
signaturepermissions-required
https://github.com/T4y1oR/bug_report/blob/main/SQLi-1.md
broken-linkexploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

T4y1oR (VulDB User)
.