SQL Injection Vulnerability in E-Commerce-PHP by Kurniaramadhan
CVE-2024-13204
5.3MEDIUM
Key Information:
- Vendor
- Kurniaramadhan
- Status
- E-commerce-PHP
- Vendor
- CVE Published:
- 9 January 2025
Badges
👾 Exploit Exists
Summary
A remote SQL injection vulnerability exists in E-Commerce-PHP 1.0, specifically within the /blog-details.php file. This flaw arises from improper handling of the blog_id parameter, allowing attackers to manipulate database queries. As a result, unauthorized access to sensitive data could occur. The vendor has not responded to initial reports regarding this issue, increasing the potential risks for those using the affected version.
Affected Version(s)
E-Commerce-PHP 1.0
References
CVSS V4
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Maloy Roy Orko
MaloyRoyOrko (VulDB User)