CVE-2023-1504

Name of the Vulnerable Software and Affected Versions SourceCodester Alphaware Simple E-Commerce System version 1.0

Description A critical issue was found in the software, affecting unknown code. The manipulation of the email and password arguments with a specific input leads to SQL injection. The attack can be initiated remotely. The complexity of an attack is rather high, and the exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Recommendations For version 1.0, consider temporarily restricting access to the login functionality to minimize the risk of exploitation. Avoid using the email and password arguments in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.