SQL Injection Vulnerability in Online Shopping Portal Project 3.1
CVE-2023-38890
8.8HIGH
Key Information:
- Vendor
PHPgurukul
- Status
- Vendor
- CVE Published:
- 18 August 2023
Badges
👾 Exploit Exists🟡 Public PoC
What is CVE-2023-38890?
The Online Shopping Portal Project 3.1 suffers from a vulnerability that allows remote attackers to perform SQL Injection attacks through insufficient validation of user-supplied input in the login form. By exploiting this flaw, attackers can execute arbitrary SQL queries, leading to unauthorized access to sensitive data and potential manipulation of the database. Proper input validation and sanitation must be implemented to mitigate this critical security risk. For more details, visit the official reference at GitHub.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.