SQL Injection Vulnerability in Online Shopping Portal Project 3.1
CVE-2023-38890

8.8HIGH

Key Information:

Vendor: PHPgurukul
Status: Online Shopping Portal
Vendor: CVE Published:; 18 August 2023

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The Online Shopping Portal Project 3.1 suffers from a vulnerability that allows remote attackers to perform SQL Injection attacks through insufficient validation of user-supplied input in the login form. By exploiting this flaw, attackers can execute arbitrary SQL queries, leading to unauthorized access to sensitive data and potential manipulation of the database. Proper input validation and sanitation must be implemented to mitigate this critical security risk. For more details, visit the official reference at GitHub.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-38890
Created by akshadjoshi

References

https://github.com/akshadjoshi/CVE-2023-38890

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Aug 18, 2023
👾
Exploit known to exist
Aug 18, 2023
Vulnerability published
Aug 18, 2023
Vulnerability Reserved
Jul 25, 2023

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)