Alphaware Simple E-Commerce System Project Alphaware Simple E-Commerce System vulnerabilities

5 known vulnerabilities affecting alphaware_simple_e-commerce_system_project/alphaware_simple_e-commerce_system.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2023-1502HIGHCVSS 8.1v1.02023-03-20
CVE-2023-1502 [HIGH] CWE-89 CVE-2023-1502: A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System 1.0. It has been rate A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file function/edit_customer.php. The manipulation of the argument firstname/mi/lastname with the input a' RLIKE SLEEP(5) AND 'dAbu'='dAbu leads to sql injection. The attack may be l
nvd
CVE-2023-1503HIGHCVSS 8.1v1.02023-03-20
CVE-2023-1503 [HIGH] CWE-89 CVE-2023-1503: A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file admin/admin_index.php. The manipulation of the argument username/password with the input admin' AND (SELECT 8062 FROM (SELECT(SLEEP(5)))meUD)-- hLiX leads to sql injection. It is possible to initiate the
nvd
CVE-2023-1504HIGHCVSS 8.1v1.02023-03-20
CVE-2023-1504 [HIGH] CWE-89 CVE-2023-1504: A vulnerability classified as critical was found in SourceCodester Alphaware Simple E-Commerce Syste A vulnerability classified as critical was found in SourceCodester Alphaware Simple E-Commerce System 1.0. This vulnerability affects unknown code. The manipulation of the argument email/password with the input test1%40test.com ' AND (SELECT 6077 FROM (SELECT(SLEEP(5)))dltn) AND 'PhRa'='PhRa leads to sql injection. The attack can be initiated remotely. T
nvd
CVE-2023-26905CRITICALCVSS 9.8v1.02023-03-19
CVE-2023-26905 [CRITICAL] CWE-89 CVE-2023-26905: An issue was discovered in Alphaware - Simple E-Commerce System v1.0. There is a SQL injection that An issue was discovered in Alphaware - Simple E-Commerce System v1.0. There is a SQL injection that can directly issue instructions to the background database system via /alphaware/details.php?id.
nvd
CVE-2023-0998MEDIUMCVSS 5.3v1.02023-02-24
CVE-2023-0998 [MEDIUM] CWE-284 CVE-2023-0998: A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Payment Handler. The manipulation of the argument amount leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been
nvd