PT-2023-17370 · Unknown · Sourcecodester Online Computer/Laptop Store

Yanfei.Chen

Publicado

2023-04-08

Atualizado

2024-05-17

CVE-2023-1957

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SourceCodester Online Computer and Laptop Store version 1.0

Description A critical issue has been found in the Subcategory Handler component, specifically in the file /classes/Master.php?f=save sub category. The manipulation of the sub category argument leads to sql injection. This issue can be exploited remotely.

Recommendations For version 1.0, consider disabling the save sub category functionality in the /classes/Master.php file until a patch is available. Restrict access to the Subcategory Handler component to minimize the risk of exploitation. Avoid using the sub category argument in the affected API endpoint until the issue is resolved.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-1957

Produtos afetados

Sourcecodester Online Computer/Laptop Store

PT-2023-17370 · Unknown · Sourcecodester Online Computer/Laptop Store

CVE-2023-1957

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7