CVE-2023-7107
code-projects E-Commerce Website user_signup.php sql injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability was found in code-projects E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file user_signup.php. The manipulation of the argument firstname/middlename/email/address/contact/username leads to sql injection. The attack may be launched remotely. VDB-249002 is the identifier assigned to this vulnerability.
Se encontró una vulnerabilidad en code-projects E-Commerce Website 1.0. Ha sido calificada como crítica. Una función desconocida del archivo user_signup.php es afectada por esta vulnerabilidad. La manipulación del argumento nombre/segundo nombre/correo electrónico/dirección/contacto/nombre de usuario conduce a la inyección de SQL. El ataque puede lanzarse de forma remota. VDB-249002 es el identificador asignado a esta vulnerabilidad.
Eine kritische Schwachstelle wurde in code-projects E-Commerce Website 1.0 ausgemacht. Dies betrifft einen unbekannten Teil der Datei user_signup.php. Mittels Manipulieren des Arguments firstname/middlename/email/address/contact/username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-12-25 CVE Reserved
- 2023-12-25 CVE Published
- 2023-12-26 EPSS Updated
- 2024-08-14 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%203.md | Related | |
https://vuldb.com/?id.249002 | Technical Description |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Code-projects Search vendor "Code-projects" | E-Commerce Website Search vendor "Code-projects" for product "E-Commerce Website" | 1.0 Search vendor "Code-projects" for product "E-Commerce Website" and version "1.0" | en |
Affected
|