CVE-2023-1557

Name of the Vulnerable Software and Affected Versions SourceCodester E-Commerce System version 1.0

Description A critical issue affects some unknown functionality of the file /ecommerce/admin/user/controller.php?action=edit of the component Username Handler. The manipulation of the USERID argument leads to improper access controls. The attack may be launched remotely.

Recommendations For SourceCodester E-Commerce System version 1.0, consider disabling the controller.php file or restricting access to the /ecommerce/admin/user/ endpoint until a patch is available. As a temporary workaround, avoid using the USERID argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.