SQL Injection Vulnerability in Online Shopping Portal Project v3.1 by PHP Gurukul
CVE-2023-37772

8.8HIGH

Key Information:

Vendor: PHPgurukul
Status: Online Shopping Portal
Vendor: CVE Published:; 1 August 2023

Badges

👾 Exploit Exists

Summary

An SQL injection vulnerability has been identified in version 3.1 of the Online Shopping Portal Project by PHP Gurukul. This flaw occurs through the Email parameter within the /shopping/login.php endpoint, allowing unauthorized users to manipulate database queries. Exploiting this vulnerability could potentially lead to the exposure of sensitive information or unauthorized access to backend databases, threatening the integrity and confidentiality of user data.

References

https://phpgurukul.com/

http://phpgurukul.com/shopping-portal-free-download/

https://github.com/anky-123/CVE-2023-37772/blob/main/CVE-2

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 1, 2023
🟡
Public PoC available
Jul 27, 2023
👾
Exploit known to exist
Jul 27, 2023
Vulnerability Reserved
Jul 10, 2023

Collectors

NVD DatabaseMitre Database0 Proof of Concept(s)