SQL Injection Vulnerability in Phpjabbers PHP Shopping Cart 4.2
CVE-2023-43274

7.5HIGH

Key Information:

Vendor: PHPjabbers
Status: PHP Shopping Cart
Vendor: CVE Published:; 21 September 2023

What is CVE-2023-43274?

The Phpjabbers PHP Shopping Cart version 4.2 has a security flaw that allows attackers to execute SQL Injection attacks through the manipulation of the 'id' parameter. This vulnerability may enable unauthorized access to the database, potentially exposing sensitive data and compromising the integrity of the application. Developers and administrators should prioritize applying the latest patches and review their input validation mechanisms to mitigate this risk.

References

https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/mai...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 21, 2023
Vulnerability Reserved
Sep 18, 2023

PHPjabbers

What is CVE-2023-43274?

References

CVSS V3.1

Timeline