CVE-2023-1503

Name of the Vulnerable Software and Affected Versions SourceCodester Alphaware Simple E-Commerce System version 1.0

Description A critical issue has been found in the SourceCodester Alphaware Simple E-Commerce System, affecting an unknown part of the file admin/admin index.php. The manipulation of the username and password arguments with a specific input leads to SQL injection. This can be initiated remotely. The complexity of an attack is rather high, and the exploitability is difficult. The exploit has been disclosed to the public and may be used.

Recommendations For version 1.0, consider temporarily restricting access to the admin/admin index.php file until a patch is available. As a mitigation measure, avoid using the username and password arguments in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.