CVE-2023-1505

Name of the Vulnerable Software and Affected Versions SourceCodester E-Commerce System version 1.0

Description A critical issue has been found in the processing of the file /ecommerce/admin/settings/setDiscount.php, which is related to a lack of protection of the SQL query structure. This issue can be exploited to perform SQL injection, allowing a remote attacker to impact the confidentiality, integrity, and availability of protected information. The manipulation of the id argument with a specific input leads to this issue. The attack may be initiated remotely and the exploit has been disclosed to the public.

Recommendations As a temporary workaround, consider disabling access to the /ecommerce/admin/settings/setDiscount.php file until a patch is available. Restrict access to the id argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.