CVE-2023-1505

CWE-89SQL Injection3 documents3 sources
Severity
8.1HIGH
EPSS
0.3%
top 49.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester E-commerce SystemE-commerce System Project E-commerce System
Timeline
PublishedMar 20

Description

A vulnerability, which was classified as critical, has been found in SourceCodester E-Commerce System 1.0. This issue affects some unknown processing of the file /ecommerce/admin/settings/setDiscount.php. The manipulation of the argument id with the input 201737 AND (SELECT 8973 FROM (SELECT(SLEEP(5)))OoAD) leads to sql injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the publ

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.6 | Impact: 3.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-8w38-x469-hfxf: A vulnerability, which was classified as critical, has been found in SourceCodester E-Commerce System 12023-03-20
CVEList
SourceCodester E-Commerce System setDiscount.php sql injection2023-03-20
CVE-2023-1505 (HIGH CVSS 8.1) | A vulnerability | cvebase.io