E-Commerce System Project E-Commerce System vulnerabilities
5 known vulnerabilities affecting e-commerce_system_project/e-commerce_system.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 2
Vulnerabilities
CVE-2023-1557 | CRITICAL | CVSS 9.8 | v1.0 | 2023-03-22 | CWE-284
A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ecommerce/admin/user/controller.php?action=edit of the component Username Handler. The manipulation of the argument USERID leads to improper access controls. The attack may be launched re
Source: NVD
CVE-2023-1569 | MEDIUM | CVSS 5.4 | v1.0 | 2023-03-22 | CWE-79
A vulnerability classified as problematic was found in SourceCodester E-Commerce System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/user/controller.php?action=edit. The manipulation of the argument U_NAME with the input alert('1') leads to cross site scripting. The attack can be launched remotely. The exploit has b
Source: NVD
CVE-2023-1506 | HIGH | CVSS 8.1 | v1.0 | 2023-03-20 | CWE-89
A vulnerability, which was classified as critical, was found in SourceCodester E-Commerce System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument U_USERNAME leads to sql injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficul
Source: NVD
CVE-2023-1505 | HIGH | CVSS 8.1 | v1.0 | 2023-03-20 | CWE-89
A vulnerability, which was classified as critical, has been found in SourceCodester E-Commerce System 1.0. This issue affects some unknown processing of the file /ecommerce/admin/settings/setDiscount.php. The manipulation of the argument id with the input 201737 AND (SELECT 8973 FROM (SELECT(SLEEP(5)))OoAD) leads to sql injection. The attack may be initi
Source: NVD
CVE-2023-1507 | MEDIUM | CVSS 6.1 | v1.0 | 2023-03-20 | CWE-79
A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ecommerce/admin/category/controller.php of the component Category Name Handler. The manipulation of the argument CATEGORY leads to cross site scripting. The attack can be launched
Source: NVD