SourceCodester Online Computer and Laptop Store Master.php register sql injection
CVE-2023-5373

7.3HIGH

Key Information:

Vendor

Sourcecodester
Status
Online Computer And Laptop Store
Vendor
CVE Published:
4 October 2023

What is CVE-2023-5373?

A security vulnerability has been identified in the Online Computer and Laptop Store software developed by SourceCodester. This SQL injection vulnerability, found in the 'register' function of the 'Master.php' file, allows attackers to manipulate the 'email' argument. The flaw can be exploited remotely, potentially allowing unauthorized access to the database. The exploit has already been publicly disclosed, increasing the urgency for users to secure their applications against possible attacks. It is crucial to update to the latest version or implement appropriate security measures to mitigate risks.

Affected Version(s)

Online Computer and Laptop Store 1.0

References

https://vuldb.com/?id.241254
vdb-entrytechnical-description
https://vuldb.com/?ctiid.241254
signaturepermissions-required
https://github.com/Szlllc/Cve/blob/main/Computer%20and%20...
exploit

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

szlllc (VulDB User)
JSON
.