SQL Injection Vulnerability in E-Commerce-PHP by Kurniaramadhan
CVE-2024-13204

5.3MEDIUM

Key Information:

Vendor
Kurniaramadhan
Status
E-commerce-PHP
Vendor
CVE Published:
9 January 2025

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC

Summary

A remote SQL injection vulnerability exists in E-Commerce-PHP 1.0, specifically within the /blog-details.php file. This flaw arises from improper handling of the blog_id parameter, allowing attackers to manipulate database queries. As a result, unauthorized access to sensitive data could occur. The vendor has not responded to initial reports regarding this issue, increasing the potential risks for those using the affected version.

Affected Version(s)

E-Commerce-PHP 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Maloy Roy Orko
MaloyRoyOrko (VulDB User)
.