PT-2025-47187 · Unknown · Kashipara Ecommerce Website
Published
2025-11-17
·
Updated
2025-11-17
·
CVE-2024-44653
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Kashipara Ecommerce Website version 1.0
Description
The software is susceptible to a SQL Injection issue through the
user email parameter in the user login.php file. This allows for potential unauthorized access or manipulation of data. The affected API endpoint is user login.php. The vulnerable parameter is user email.Recommendations
Apply appropriate sanitization and validation techniques to the
user email parameter in the user login.php file to prevent SQL Injection attacks.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kashipara Ecommerce Website