Search criteria
6 vulnerabilities by sanchitkmr
CVE-2024-3347 (GCVE-0-2024-3347)
Vulnerability from cvelistv5 – Published: 2024-04-05 16:00 – Updated: 2025-02-27 19:27
VLAI?
Title
SourceCodester Airline Ticket Reservation System activate_jet_details_form_handler.php sql injection
Summary
A vulnerability was found in SourceCodester Airline Ticket Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file activate_jet_details_form_handler.php. The manipulation of the argument jet_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259451.
Severity ?
7.3 (High)
7.3 (High)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Airline Ticket Reservation System |
Affected:
1.0
|
Credits
liuann (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:airline_ticket_reservation_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "airline_ticket_reservation_system",
"vendor": "sourcecodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3347",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T19:26:52.220158Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T19:27:16.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:08.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-259451 | SourceCodester Airline Ticket Reservation System activate_jet_details_form_handler.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.259451"
},
{
"name": "VDB-259451 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.259451"
},
{
"name": "Submit #310184 | https://www.sourcecodester.com/ Airline Ticket Reservation System 1.0 SQL Injection",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.310184"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/thisissuperann/Vul/blob/main/Airline-Ticket-Reservation-System-01.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Airline Ticket Reservation System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "liuann (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Airline Ticket Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file activate_jet_details_form_handler.php. The manipulation of the argument jet_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259451."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in SourceCodester Airline Ticket Reservation System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei activate_jet_details_form_handler.php. Mittels dem Manipulieren des Arguments jet_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-05T16:00:05.728Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-259451 | SourceCodester Airline Ticket Reservation System activate_jet_details_form_handler.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.259451"
},
{
"name": "VDB-259451 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.259451"
},
{
"name": "Submit #310184 | https://www.sourcecodester.com/ Airline Ticket Reservation System 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.310184"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/thisissuperann/Vul/blob/main/Airline-Ticket-Reservation-System-01.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-05T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-05T07:42:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Airline Ticket Reservation System activate_jet_details_form_handler.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3347",
"datePublished": "2024-04-05T16:00:05.728Z",
"dateReserved": "2024-04-05T05:37:50.278Z",
"dateUpdated": "2025-02-27T19:27:16.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3534 (GCVE-0-2023-3534)
Vulnerability from cvelistv5 – Published: 2023-07-07 12:00 – Updated: 2024-08-02 06:55
VLAI?
Title
SourceCodester Shopping Website check_availability.php sql injection
Summary
A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file check_availability.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-233286 is the identifier assigned to this vulnerability.
Severity ?
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Shopping Website |
Affected:
1.0
|
Credits
DUA0G (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.233286"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.233286"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/DUA0G/cve/blob/main/1.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Shopping Website",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "DUA0G (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file check_availability.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-233286 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in SourceCodester Shopping Website 1.0 ausgemacht. Hiervon betroffen ist ein unbekannter Codeblock der Datei check_availability.php. Durch das Beeinflussen des Arguments email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T14:09:49.310Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.233286"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.233286"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/DUA0G/cve/blob/main/1.pdf"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-07-07T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-07-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-07-25T12:09:08.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Shopping Website check_availability.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3534",
"datePublished": "2023-07-07T12:00:04.953Z",
"dateReserved": "2023-07-07T11:51:04.463Z",
"dateUpdated": "2024-08-02T06:55:03.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3503 (GCVE-0-2023-3503)
Vulnerability from cvelistv5 – Published: 2023-07-04 14:31 – Updated: 2024-10-31 19:46
VLAI?
Title
SourceCodester Shopping Website insert-product.php unrestricted upload
Summary
A vulnerability has been found in SourceCodester Shopping Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232951.
Severity ?
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-434 - Unrestricted Upload
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Shopping Website |
Affected:
1.0
|
Credits
HuangZhengWei (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.232951"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.232951"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/Turbo51/CveHubList/blob/main/Shopping%20Website%20(E-Commerce)%20%20insert-product.php%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:shopping_website:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "shopping_website",
"vendor": "sourcecodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3503",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-31T19:45:16.018650Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T19:46:51.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Shopping Website",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "HuangZhengWei (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SourceCodester Shopping Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232951."
},
{
"lang": "de",
"value": "In SourceCodester Shopping Website 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei insert-product.php. Durch Manipulation mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T14:02:30.253Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.232951"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.232951"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Turbo51/CveHubList/blob/main/Shopping%20Website%20(E-Commerce)%20%20insert-product.php%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-07-04T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-07-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-07-23T08:47:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Shopping Website insert-product.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3503",
"datePublished": "2023-07-04T14:31:03.508Z",
"dateReserved": "2023-07-04T13:26:25.621Z",
"dateUpdated": "2024-10-31T19:46:51.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3502 (GCVE-0-2023-3502)
Vulnerability from cvelistv5 – Published: 2023-07-04 14:00 – Updated: 2024-08-02 06:55
VLAI?
Title
SourceCodester Shopping Website search-result.php sql injection
Summary
A vulnerability, which was classified as critical, was found in SourceCodester Shopping Website 1.0. Affected is an unknown function of the file search-result.php. The manipulation of the argument product leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232950 is the identifier assigned to this vulnerability.
Severity ?
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Shopping Website |
Affected:
1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.232950"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.232950"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/MoeMion233/VulHub/blob/main/Shopping%20Website%20(E-Commerce)%20search-result.php%20has%20Sqlinjection.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Shopping Website",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in SourceCodester Shopping Website 1.0. Affected is an unknown function of the file search-result.php. The manipulation of the argument product leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232950 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in SourceCodester Shopping Website 1.0 gefunden. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei search-result.php. Durch die Manipulation des Arguments product mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T14:01:17.098Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.232950"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.232950"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/MoeMion233/VulHub/blob/main/Shopping%20Website%20(E-Commerce)%20search-result.php%20has%20Sqlinjection.pdf"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-07-04T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-07-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-07-23T08:41:58.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Shopping Website search-result.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3502",
"datePublished": "2023-07-04T14:00:04.782Z",
"dateReserved": "2023-07-04T13:26:23.494Z",
"dateUpdated": "2024-08-02T06:55:03.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3458 (GCVE-0-2023-3458)
Vulnerability from cvelistv5 – Published: 2023-06-29 13:31 – Updated: 2024-08-02 06:55
VLAI?
Title
SourceCodester Shopping Website forgot-password.php sql injection
Summary
A vulnerability was found in SourceCodester Shopping Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file forgot-password.php. The manipulation of the argument contact leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232675.
Severity ?
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Shopping Website |
Affected:
1.0
|
Credits
Appledog (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.232675"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.232675"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/AD-Appledog/CveHubList/blob/main/Shopping%20Website%20(E-Commerce)%20forgot-password.php%20has%20Sqlinjection.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Shopping Website",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "Appledog (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Shopping Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file forgot-password.php. The manipulation of the argument contact leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232675."
},
{
"lang": "de",
"value": "In SourceCodester Shopping Website 1.0 wurde eine kritische Schwachstelle ausgemacht. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei forgot-password.php. Durch die Manipulation des Arguments contact mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T13:50:17.226Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.232675"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.232675"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/AD-Appledog/CveHubList/blob/main/Shopping%20Website%20(E-Commerce)%20forgot-password.php%20has%20Sqlinjection.pdf"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-06-29T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-06-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-07-21T11:32:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Shopping Website forgot-password.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3458",
"datePublished": "2023-06-29T13:31:04.889Z",
"dateReserved": "2023-06-29T12:55:18.014Z",
"dateUpdated": "2024-08-02T06:55:03.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3457 (GCVE-0-2023-3457)
Vulnerability from cvelistv5 – Published: 2023-06-29 13:31 – Updated: 2024-08-02 06:55
VLAI?
Title
SourceCodester Shopping Website index.php sql injection
Summary
A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232674 is the identifier assigned to this vulnerability.
Severity ?
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Shopping Website |
Affected:
1.0
|
Credits
XuZiJie (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.232674"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.232674"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/qwegz/CveList/blob/main/Shopping%20Website%20(E-Commerce)%20%20index.php%20has%20Sqlinjection.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Shopping Website",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "XuZiJie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232674 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in SourceCodester Shopping Website 1.0 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Datei index.php. Mit der Manipulation des Arguments username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T13:49:04.011Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.232674"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.232674"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/qwegz/CveList/blob/main/Shopping%20Website%20(E-Commerce)%20%20index.php%20has%20Sqlinjection.pdf"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-06-29T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-06-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-07-21T11:16:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Shopping Website index.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3457",
"datePublished": "2023-06-29T13:31:03.915Z",
"dateReserved": "2023-06-29T12:55:15.889Z",
"dateUpdated": "2024-08-02T06:55:03.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}