CVE-2023-0686

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The identifier VDB-220245 was assigned to this vulnerability.
References
Link Resource
https://vuldb.com/?ctiid.220245 Permissions Required Third Party Advisory
https://vuldb.com/?id.220245 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:oretnom23:online_eyewear_shop:1.0:*:*:*:*:*:*:*

History

07 Sep 2024, 12:56

Type Values Removed Values Added
CPE cpe:2.3:a:online_eyewear_shop_project:online_eyewear_shop:1.0:*:*:*:*:*:*:* cpe:2.3:a:oretnom23:online_eyewear_shop:1.0:*:*:*:*:*:*:*
First Time Oretnom23 online Eyewear Shop
Oretnom23

06 Feb 2024, 20:22

Type Values Removed Values Added
CWE CWE-89

07 Nov 2023, 04:01

Type Values Removed Values Added
CWE CWE-89

20 Oct 2023, 21:15

Type Values Removed Values Added
Summary A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-220245 was assigned to this vulnerability. A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The identifier VDB-220245 was assigned to this vulnerability.
CWE CWE-89

Information

Published : 2023-02-06 20:15

Updated : 2024-09-07 12:56


NVD link : CVE-2023-0686

Mitre link : CVE-2023-0686

CVE.ORG link : CVE-2023-0686


JSON object : View

Products Affected

oretnom23

  • online_eyewear_shop
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')