SQL Injection Vulnerability in E-Commerce-PHP by Kurniaramadhan
CVE-2024-13204

5.3MEDIUM

Key Information:

Vendor
Kurniaramadhan
Status
E-commerce-PHP
Vendor
CVE Published:
9 January 2025

Badges

👾 Exploit Exists

Summary

A remote SQL injection vulnerability exists in E-Commerce-PHP 1.0, specifically within the /blog-details.php file. This flaw arises from improper handling of the blog_id parameter, allowing attackers to manipulate database queries. As a result, unauthorized access to sensitive data could occur. The vendor has not responded to initial reports regarding this issue, increasing the potential risks for those using the affected version.

Affected Version(s)

E-Commerce-PHP 1.0

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Maloy Roy Orko
MaloyRoyOrko (VulDB User)
.