CVE-2023-1506

A vulnerability, which was classified as critical, was found in SourceCodester E-Commerce System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument U_USERNAME leads to sql injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-223410 is the identifier assigned to this vulnerability.
References
Link Resource
https://vuldb.com/?ctiid.223410 Third Party Advisory
https://vuldb.com/?id.223410 Third Party Advisory
https://vuldb.com/?ctiid.223410 Third Party Advisory
https://vuldb.com/?id.223410 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:e-commerce_system_project:e-commerce_system:1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:39

Type Values Removed Values Added
CVSS v2 : 5.1
v3 : 8.1
v2 : 5.1
v3 : 5.6
References () https://vuldb.com/?ctiid.223410 - Third Party Advisory () https://vuldb.com/?ctiid.223410 - Third Party Advisory
References () https://vuldb.com/?id.223410 - Third Party Advisory () https://vuldb.com/?id.223410 - Third Party Advisory

02 Feb 2024, 16:14

Type Values Removed Values Added
CWE CWE-89
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 8.1

07 Nov 2023, 04:03

Type Values Removed Values Added
CWE CWE-89

21 Oct 2023, 10:15

Type Values Removed Values Added
CWE CWE-89
Summary A vulnerability, which was classified as critical, was found in SourceCodester E-Commerce System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument U_USERNAME leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223410 is the identifier assigned to this vulnerability. A vulnerability, which was classified as critical, was found in SourceCodester E-Commerce System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument U_USERNAME leads to sql injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-223410 is the identifier assigned to this vulnerability.

Information

Published : 2023-03-20 10:15

Updated : 2024-11-21 07:39


NVD link : CVE-2023-1506

Mitre link : CVE-2023-1506

CVE.ORG link : CVE-2023-1506


JSON object : View

Products Affected

e-commerce_system_project

  • e-commerce_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')