CVE-2023-7188

Name of the Vulnerable Software and Affected Versions Shipping 100 Fahuo100 versions up to 1.1

Description A critical vulnerability has been found in Shipping 100 Fahuo100. The issue affects an unknown function of the file member/login.php. The manipulation of the argument M pwd leads to sql injection. The complexity of an attack is rather high, and the exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

Recommendations For Shipping 100 Fahuo100 versions up to 1.1, as a temporary workaround, consider restricting access to the member/login.php file until a patch is available. Avoid using the argument M pwd in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.