CVE-2020-25362

Name of the Vulnerable Software and Affected Versions Online Shopping Alphaware version 1.0

Description The issue is related to the id parameter in the web application, which is vulnerable to an Error-Based blind SQL injection. This vulnerability allows an attacker to execute arbitrary SQL commands and gain access to sensitive data. The vulnerability is specifically located in the /alphaware/details.php path, allowing an attacker to retrieve all databases.

Recommendations For Online Shopping Alphaware version 1.0, consider restricting access to the /alphaware/details.php path until a patch is available. Additionally, as a temporary workaround, avoid using the id parameter in the affected API endpoint until the issue is resolved.