CVE-2023-0686

Опубликовано: 06 фев. 2023

Источник: nvd

CVSS3: 5

CVSS3: 9.8

CVSS2: 4.6

EPSS Низкий

Описание

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The identifier VDB-220245 was assigned to this vulnerability.

Ссылки

https://vuldb.com/?ctiid.220245
Permissions Required
Third Party Advisory
https://vuldb.com/?id.220245
Third Party Advisory
https://vuldb.com/?ctiid.220245
Permissions Required
Third Party Advisory
https://vuldb.com/?id.220245
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oretnom23:online_eyewear_shop:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00142

Низкий

5 Medium

CVSS3

9.8 Critical

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-fq5p-5w22-52xh

CVSS3: 9.8

github

около 3 лет назад

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-220245 was assigned to this vulnerability.

EPSS

Процентиль: 35%

0.00142

Низкий

5 Medium

CVSS3

9.8 Critical

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-89