A vulnerability classified as critical was found in SourceCodester Online Jewelry Store 1.0. Affected by this vulnerability is an unknown functionality of the file supplier.php of the component POST Parameter Handler. The manipulation of the argument suppid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229429 was assigned to this vulnerability.
References
| Link | Resource |
|---|---|
| https://vuldb.com/?id.229429 | Third Party Advisory |
| https://vuldb.com/?ctiid.229429 | Permissions Required Third Party Advisory |
| https://github.com/raozhir/CVERequest/blob/main/SQL.md | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
25 May 2023, 20:27
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Online Jewelry Store Project
Online Jewelry Store Project online Jewelry Store |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| CPE | cpe:2.3:a:online_jewelry_store_project:online_jewelry_store:1.0:*:*:*:*:*:*:* | |
| References | (MISC) https://github.com/raozhir/CVERequest/blob/main/SQL.md - Exploit, Third Party Advisory | |
| References | (MISC) https://vuldb.com/?ctiid.229429 - Permissions Required, Third Party Advisory | |
| References | (MISC) https://vuldb.com/?id.229429 - Third Party Advisory |
19 May 2023, 17:53
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-05-19 17:15
Updated : 2023-05-25 20:27
NVD link : CVE-2023-2815
Mitre link : CVE-2023-2815
JSON object : View
Products Affected
online_jewelry_store_project
- online_jewelry_store
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')