CVE-2023-38890

Name of the Vulnerable Software and Affected Versions Online Shopping Portal Project version 3.1

Description The issue allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks.

Recommendations For Online Shopping Portal Project version 3.1, consider temporarily disabling the login form or restricting access to it until a patch is available. Additionally, ensure proper validation and sanitization of user-supplied input in the username field to prevent SQL Injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.