SourceCodester Online Computer and Laptop Store Master.php sql injection
CVE-2023-2661

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Online Computer and Laptop Store
Vendor
CVE Published:
11 May 2023

Summary

A vulnerability exists in SourceCodester Online Computer and Laptop Store version 1.0 due to improper handling of input parameters in the file /classes/Master.php. This flaw allows attackers to manipulate the 'id' argument, enabling them to execute unauthorized SQL queries. The exploitation can be performed remotely, highlighting a significant risk for exposed web applications. Public disclosure of the exploit increases the urgency for affected users to implement mitigations.

Affected Version(s)

Online Computer and Laptop Store 1.0

References

https://vuldb.com/?id.228803
vdb-entrytechnical-description
https://vuldb.com/?ctiid.228803
signaturepermissions-required
https://github.com/xiahao90/CVEproject/blob/main/xiahao.w...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

webray.com.cn (VulDB User)
.