PT-2023-17368 · Unknown · Sourcecodester Online Computer/Laptop Store

Haicheng.Zhang

Publicado

2023-04-08

Atualizado

2024-05-17

CVE-2023-1955

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SourceCodester Online Computer and Laptop Store version 1.0

Description A critical vulnerability has been found in the User Registration component of the affected software. The issue is related to the manipulation of the email argument in an unknown function of the file login.php, leading to sql injection. This can be exploited remotely. The exploit has been disclosed to the public.

Recommendations For version 1.0, consider disabling the User Registration component or restricting access to the login.php file until a patch is available. As a temporary workaround, avoid using the email argument in the affected function to minimize the risk of exploitation.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-1955

Produtos afetados

Sourcecodester Online Computer/Laptop Store

PT-2023-17368 · Unknown · Sourcecodester Online Computer/Laptop Store

CVE-2023-1955

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7