Secpconti

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Eyewear Shop version 1.0 **Description** A critical vulnerability was found in the software, affecting an unknown functionality of the file oews/products/view product.php. The manipulation of the `id` argument leads to SQL injection. The attack can be launched remotely. The complexity of an attack is rather high, and the exploitation appears to be difficult. **Recommendations** For version 1.0, consider disabling the `id` argument in the affected file oews/products/view product.php as a temporary workaround until a patch is available. Restrict access to the vulnerable file to minimize the risk of exploitation. Avoid using the `id` argument in the affected API endpoint until the issue is resolved.