CVE-2023-1986

CWE-89SQL Injection3 documents3 sources
Severity
7.2HIGH
EPSS
0.4%
top 37.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester Online Computer AND Laptop StoreOretnom23 Online Computer AND Laptop Store
Timeline
PublishedApr 11

Description

A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function delete_order of the file /classes/master.php?f=delete_order. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225534 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-2p3q-c42r-jwmx: A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 12023-04-11
CVEList
SourceCodester Online Computer and Laptop Store delete_order sql injection2023-04-11
CVE-2023-1986 (HIGH CVSS 7.2) | A vulnerability | cvebase.io