CVE-2023-3502

CWE-89 — SQL Injection CWE-787 — Out-of-bounds Write5 documents5 sources

Severity

7.5HIGH

EPSS

0.1%

top 82.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Shopping Website Sanchitkmr Shopping Website

Timeline

PublishedJul 4

Description

A vulnerability, which was classified as critical, was found in SourceCodester Shopping Website 1.0. Affected is an unknown function of the file search-result.php. The manipulation of the argument product leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232950 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5sourcecodester/shopping_website1.0

▶NVDsanchitkmr/shopping_website1.0

🔴Vulnerability Details

CVEList

SourceCodester Shopping Website search-result.php sql injection↗2023-07-04

▶

GHSA

GHSA-qx5c-g298-5rr8: A vulnerability, which was classified as critical, was found in SourceCodester Shopping Website 1↗2023-07-04

▶

📋Vendor Advisories

Microsoft

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the f↗2023-02-14

▶

Red Hat

libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c↗2023-02-12

▶