PT-2023-12251 · Unknown · Sourcecodester Mobile-Shop-System-Php-Mysql

Published

2023-02-24

Updated

2023-02-27

CVE-2021-34248

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions sourcecodester mobile-shop-system-php-mysql version 1.0

Description The issue allows remote attackers to log in via a crafted string in the email field of the log in page, due to a SQL injection vulnerability.

Recommendations For sourcecodester mobile-shop-system-php-mysql version 1.0, consider validating and sanitizing user input in the email field to prevent SQL injection attacks. As a temporary workaround, restrict access to the log in page until a patch is available.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-34248

Affected Products

Sourcecodester Mobile-Shop-System-Php-Mysql

PT-2023-12251 · Unknown · Sourcecodester Mobile-Shop-System-Php-Mysql

CVE-2021-34248

Related Identifiers

Affected Products

References · 3