CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 1CVE-2023-38890
https://notcve.org/view.php?id=CVE-2023-38890
18 Aug 2023 — Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks. Online Shopping Portal Project v3.1 permite a atacantes remotos ejecutar comandos/consultas SQL arbitrarias a través del formulario de inicio de sesión, lo que conduce a un acceso no autorizad... • https://github.com/akshadjoshi/CVE-2023-38890 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-37772
https://notcve.org/view.php?id=CVE-2023-37772
01 Aug 2023 — Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php. • https://github.com/anky-123/CVE-2023-37772 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46110
https://notcve.org/view.php?id=CVE-2021-46110
18 Feb 2022 — Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters. Se ha detectado que Online Shopping Portal versión v3.1, contiene múltiples vulnerabilidades de inyección SQL basadas en el tiempo por medio de los parámetros email y contactno • https://giant-falcon-36d.notion.site/Online-Shopping-Portal-2924d0ad55e94c4cb2359b0d098c4db6 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-37807
https://notcve.org/view.php?id=CVE-2021-37807
27 Oct 2021 — An SQL Injection vulneraility exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint that serves as a checker whether a new user's email is already exist within the database. Se presenta una vulnerabilidad de inyección SQL en https://phpgurukul.com Online Shopping Portal versión 3.1, por medio del parámetro email en el endpoint /check_availability.php que sirve para comprobar si el email de un nuevo usuario ya se presenta en la base de dat... • https://packetstormsecurity.com/files/163574/Online-Shopping-Portal-3.1-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •