SourceCodester Shopping Website search-result.php sql injection
CVE-2023-3502

7.5HIGH

Key Information:

Vendor

SourceCodester
Status
Shopping Website
Vendor
CVE Published:
4 July 2023

What is CVE-2023-3502?

A vulnerability exists in the SourceCodester Shopping Website 1.0, specifically within the search-result.php file, where improper handling of user input allows an attacker to manipulate the 'product' argument. This results in SQL injection, enabling remote exploitation. The vulnerability has been publicly disclosed, posing a risk to users of the affected software, and it allows unauthorized access to database information through crafted SQL queries.

Affected Version(s)

Shopping Website 1.0

References

https://vuldb.com/?id.232950
vdb-entrytechnical-description
https://vuldb.com/?ctiid.232950
signaturepermissions-required
https://github.com/MoeMion233/VulHub/blob/main/Shopping%2...
exploit

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.