Sourcecodester E-Commerce System vulnerabilities

CVE-2024-8089 [MEDIUM] CWE-434 CVE-2024-8089: A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been classified as critica A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been classified as critical. Affected is an unknown function of the file /ecommerce/admin/products/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and

CVE-2024-8087 [MEDIUM] CWE-89 CVE-2024-8087: A vulnerability was found in SourceCodester E-Commerce System 1.0 and classified as critical. This i A vulnerability was found in SourceCodester E-Commerce System 1.0 and classified as critical. This issue affects some unknown processing of the file /ecommerce/popup_Item.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-8086 [MEDIUM] CWE-89 CVE-2024-8086: A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as critical. T A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ecommerce/admin/login.php of the component Admin Login. The manipulation of the argument user_email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the pu

CVE-2023-1557 [MEDIUM] CWE-284 CVE-2023-1557: A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been rated as critical. Af A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ecommerce/admin/user/controller.php?action=edit of the component Username Handler. The manipulation of the argument USERID leads to improper access controls. The attack may be launched remo

CVE-2023-1569 [LOW] CWE-79 CVE-2023-1569: A vulnerability classified as problematic was found in SourceCodester E-Commerce System 1.0. Affecte A vulnerability classified as problematic was found in SourceCodester E-Commerce System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/user/controller.php?action=edit. The manipulation of the argument U_NAME with the input alert('1') leads to cross site scripting. The attack can be launched remotely. The exploit has been

CVE-2023-1505 [MEDIUM] CWE-89 CVE-2023-1505: A vulnerability, which was classified as critical, has been found in SourceCodester E-Commerce Syste A vulnerability, which was classified as critical, has been found in SourceCodester E-Commerce System 1.0. This issue affects some unknown processing of the file /ecommerce/admin/settings/setDiscount.php. The manipulation of the argument id with the input 201737 AND (SELECT 8973 FROM (SELECT(SLEEP(5)))OoAD) leads to sql injection. The attack may be ini

CVE-2023-1506 [MEDIUM] CWE-89 CVE-2023-1506: A vulnerability, which was classified as critical, was found in SourceCodester E-Commerce System 1.0 A vulnerability, which was classified as critical, was found in SourceCodester E-Commerce System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument U_USERNAME leads to sql injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be diffic

CVE-2023-1507 [LOW] CWE-79 CVE-2023-1507: A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as problematic A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ecommerce/admin/category/controller.php of the component Category Name Handler. The manipulation of the argument CATEGORY leads to cross site scripting. The attack can be launched rem