CVE-2021-34248

Name of the Vulnerable Software and Affected Versions sourcecodester mobile-shop-system-php-mysql version 1.0

Description The issue allows remote attackers to log in via a crafted string in the email field of the log in page, due to a SQL injection vulnerability.

Recommendations For sourcecodester mobile-shop-system-php-mysql version 1.0, consider validating and sanitizing user input in the email field to prevent SQL injection attacks. As a temporary workaround, restrict access to the log in page until a patch is available.