PT-2023-16455 · Sourcecodester · Sourcecodester Online Eyewear Shop

Pconticp · Published 2023-02-06 · Updated 2024-09-07 · CVE-2023-0686

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SourceCodester Online Eyewear Shop version 1.0

Description
A critical issue has been found affecting the function update_cart of the file /oews/classes/Master.php?f=update_cart in the HTTP POST Request Handler component. Manipulation of the cart_id argument leads to SQL injection, allowing remote attacks. The complexity of an attack is rather high, and exploitation is reported to be difficult.

Recommendations
For SourceCodester Online Eyewear Shop version 1.0, consider disabling the update_cart function until a patch is available. Restrict access to the /oews/classes/Master.php?f=update_cart endpoint to minimize the risk of exploitation. Avoid using the cart_id argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.
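The pattern behind this finding, shown as an added illustration that is not code from the Online Eyewear Shop project: a handler that splices the POST cart_id into the query text next to one that validates and binds it. The table name, column names, function names and the in-memory SQLite database are assumptions so that the script runs offline.

```php
<?php
// Added illustration for CVE-2023-0686; not code from the Online Eyewear Shop project.
// Schema, function names and the in-memory SQLite database are assumptions made so the
// script runs offline (the real application uses MySQL, but the pattern is the same).
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cart_list (id INTEGER PRIMARY KEY, client_id INTEGER, quantity INTEGER)');
$db->exec('INSERT INTO cart_list VALUES (1, 10, 1), (2, 10, 2), (3, 11, 5)');

// Vulnerable pattern: the POST value is spliced straight into the SQL text, so a
// non-numeric cart_id changes the structure of the query instead of acting as data.
function update_cart_vulnerable(PDO $db, string $cart_id, int $quantity): int
{
    $sql = "UPDATE cart_list SET quantity = {$quantity} WHERE id = {$cart_id}";
    return $db->exec($sql);
}

// Hardened pattern: validate the type first, then bind the value as a parameter so the
// database never parses user input as SQL, and scope the update to the requesting client.
function update_cart_safe(PDO $db, string $cart_id, int $quantity, int $client_id): int
{
    if (filter_var($cart_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) === false) {
        throw new InvalidArgumentException('cart_id must be a positive integer');
    }
    $stmt = $db->prepare('UPDATE cart_list SET quantity = :qty WHERE id = :id AND client_id = :client');
    $stmt->execute([':qty' => $quantity, ':id' => (int) $cart_id, ':client' => $client_id]);
    return $stmt->rowCount();
}

// Constructed inputs: a legitimate id and a tautology that makes the WHERE clause true
// for every row, which is the class of manipulation the advisory refers to.
$good = '2';
$bad  = '2 OR 1=1';

echo 'vulnerable, legitimate id: ', update_cart_vulnerable($db, $good, 3), " row(s) updated\n";
echo 'vulnerable, injected id:   ', update_cart_vulnerable($db, $bad, 3), " row(s) updated\n";
echo 'safe, legitimate id:       ', update_cart_safe($db, $good, 4, 10), " row(s) updated\n";
try {
    update_cart_safe($db, $bad, 4, 10);
} catch (InvalidArgumentException $e) {
    echo 'safe, injected id:         rejected (', $e->getMessage(), ")\n";
}
```

The injected id rewrites every cart row in the vulnerable handler and is rejected before any SQL is built in the hardened one; a web application firewall rule on the endpoint is only a stopgap compared with binding the parameter.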

Fix

Weakness Enumeration
SQL injection

Related Identifiers
CVE-2023-0686

Affected Products
Sourcecodester Online Eyewear Shop