CVE-2023-38890 — SQL Injection in Online Shopping Portal

CWE-89 — SQL Injection3 documents3 sources

Severity

8.8HIGHNVD

EPSS

3.2%

top 12.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Online Shopping Portal

Timeline

PublishedAug 18

Description

Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDphpgurukul/online_shopping_portal3.1

🔴Vulnerability Details

CVEList

CVE-2023-38890: Online Shopping Portal Project 3↗2023-08-18

▶

GHSA

GHSA-52qf-8fcc-9f9g: Online Shopping Portal Project 3↗2023-08-18

▶