SourceCodester Shopping Website check_availability.php sql injection
CVE-2023-3534

7.5HIGH

Key Information:

Vendor

SourceCodester
Status
Shopping Website
Vendor
CVE Published:
7 July 2023

What is CVE-2023-3534?

A SQL injection vulnerability exists in the SourceCodester Shopping Website version 1.0, where the email argument in the check_availability.php file can be manipulated. This allows attackers to execute arbitrary SQL commands, potentially compromising the database and exposing sensitive information. The vulnerability can be exploited remotely, making it a significant concern for users of this e-commerce platform. Awareness and prompt remediation are essential to safeguarding against potential attacks.

Affected Version(s)

Shopping Website 1.0

References

https://vuldb.com/?id.233286
vdb-entrytechnical-description
https://vuldb.com/?ctiid.233286
signaturepermissions-required
https://github.com/DUA0G/cve/blob/main/1.pdf
exploit

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

DUA0G (VulDB User)
.