SQL Injection Vulnerability in Alphaware E-Commerce System by Razormist
CVE-2023-26905

9.8 CRITICAL

What is CVE-2023-26905?

A SQL injection vulnerability has been identified in the Alphaware - Simple E-Commerce System version 1.0, allowing attackers to execute arbitrary SQL commands through the 'id' parameter in the details.php page. This flaw could permit unauthorized access to the backend database, leading to potential data breaches and manipulation. Proper validation and sanitization of input parameters are essential to mitigate the risks associated with such vulnerabilities.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
