SourceCodester Online Jewelry Store login.php sql injection
CVE-2023-3985

9.8CRITICAL

Key Information:

Vendor

SourceCodester
Status
Online Jewelry Store
Vendor
CVE Published:
28 July 2023

What is CVE-2023-3985?

A vulnerability exists in the SourceCodester Online Jewelry Store resulting from improper handling of user inputs in the login.php file. Attackers can exploit this weakness by manipulating the username/password parameters, allowing for unauthorized SQL commands to be executed. This can lead to unauthorized data access and manipulation. The vulnerability is accessible remotely and has been publicly disclosed, making it crucial for users to implement mitigations promptly.

Affected Version(s)

Online Jewelry Store 1.0

References

https://vuldb.com/?id.235606
vdb-entrytechnical-description
https://vuldb.com/?ctiid.235606
signaturepermissions-required
https://github.com/MaxLiu98/Jewelry-Store-System/blob/mai...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pak43 (VulDB User)
JSON
.