PT-2023-16942 · Sourcecodester · Sourcecodester Friendly Island Pizza Website/Ordering System

Zheng Yang

Publicado

2023-03-13

Atualizado

2024-05-17

CVE-2023-1378

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SourceCodester Friendly Island Pizza Website and Ordering System version 1.0

Description A critical issue was found in the POST Parameter Handler component of the paypalsuccess.php file. The manipulation of the cusid argument leads to SQL injection. This issue can be initiated remotely.

Recommendations For version 1.0, consider disabling the paypalsuccess.php file or restricting access to it until a patch is available. Avoid using the cusid argument in the affected POST parameter handler to minimize the risk of exploitation.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-1378

Produtos afetados

Sourcecodester Friendly Island Pizza Website/Ordering System

PT-2023-16942 · Sourcecodester · Sourcecodester Friendly Island Pizza Website/Ordering System

CVE-2023-1378

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6