code-projects E-Commerce Website user_signup.php sql injection
CVE-2023-7107

9.8CRITICAL

Key Information:

Vendor: Code-projects
Status: E-commerce Website
Vendor: CVE Published:; 29 February 2024

Summary

A security vulnerability was identified in the E-Commerce Website 1.0, specifically in the file user_signup.php. This flaw allows for SQL injection attacks through the manipulation of various user input fields including firstname, middlename, email, address, contact, and username. Attackers can exploit this vulnerability remotely, potentially leading to unauthorized access to sensitive data. The vulnerability is tracked under VDB-249002 and emphasizes the importance of securing user input to prevent SQL injection.

Affected Version(s)

E-Commerce Website 1.0

References

https://vuldb.com/?id.249002

vdb-entrytechnical-description

https://vuldb.com/?ctiid.249002

signaturepermissions-required

https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 29, 2024
Vulnerability Reserved
Dec 25, 2023

Credit

Hamdi Sevben (VulDB User)