VDB-249002 · CVE-2023-7107 · GCVE-100-249002

code-projects E-Commerce Website 1.0 user_signup.php SQL Injection

Hakika vulnerability da aka rarraba a matsayin kura an gano a code-projects E-Commerce Website 1.0. Tabbas, aikin $software_function ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil user_signup.php, a cikin sashi $software_component. Wuro manipulation of the argument firstname/middlename/email/address/contact/username ga SQL Injection. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-89. Lalle, rauni an sanar da shi 12/25/2023. Ana samun bayanin tsaro don saukewa a github.com. Ana kiran wannan rauni da CVE-2023-7107. Ngam yiɗi ka a tuma ndiyam ka nder layi. Bayani na fasaha ga. Babu wani exploit da ake da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á yí a wondi feere. 0-day ga, an ndiyam a wuro be $0-$5k. If you want to get best quality of vulnerability data, you may have to visit VulDB.

3 Goyarwa · 84 Datenpunkte

Furɗe	Súgá 12/25/2023 15:16	Gargadi 1/2 01/19/2024 09:01	Gargadi 2/2 12/06/2024 21:08
price_0day	$0-$5k	$0-$5k	$0-$5k
software_vendor	code-projects	code-projects	code-projects
software_name	E-Commerce Website	E-Commerce Website	E-Commerce Website
software_version	1.0	1.0	1.0
software_file	user_signup.php	user_signup.php	user_signup.php
software_argument	firstname/middlename/email/address/contact/username	firstname/middlename/email/address/contact/username	firstname/middlename/email/address/contact/username
vulnerability_cwe	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rc	R	R	R
advisory_url	https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%203.md	https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%203.md	https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%203.md
source_cve	CVE-2023-7107	CVE-2023-7107	CVE-2023-7107
cna_responsible	VulDB	VulDB	VulDB
advisory_date	1703458800 (12/25/2023)	1703458800 (12/25/2023)	1703458800 (12/25/2023)
software_type	E-Commerce Management Software	E-Commerce Management Software	E-Commerce Management Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	7.5	7.5	7.5
cvss2_vuldb_tempscore	7.1	7.1	7.1
cvss3_vuldb_basescore	7.3	7.3	7.3
cvss3_vuldb_tempscore	7.1	7.1	7.1
cvss3_meta_basescore	7.3	7.3	8.1
cvss3_meta_tempscore	7.1	7.1	8.1
cve_assigned		1703458800 (12/25/2023)	1703458800 (12/25/2023)
cve_nvd_summary		A vulnerability was found in code-projects E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file user_signup.php. The manipulation of the argument firstname/middlename/email/address/contact/username leads to sql injection. The attack may be launched remotely. VDB-249002 is the identifier assigned to this vulnerability.	A vulnerability was found in code-projects E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file user_signup.php. The manipulation of the argument firstname/middlename/email/address/contact/username leads to sql injection. The attack may be launched remotely. VDB-249002 is the identifier assigned to this vulnerability.
cve_nvd_summaryes			Se encontró una vulnerabilidad en code-projects E-Commerce Website 1.0. Ha sido calificada como crítica. Una función desconocida del archivo user_signup.php es afectada por esta vulnerabilidad. La manipulación del argumento nombre/segundo nombre/correo electrónico/dirección/contacto/nombre de usuario conduce a la inyección de SQL. El ataque puede lanzarse de forma remota. VDB-249002 es el identificador asignado a esta vulnerabilidad.
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			N
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cvss3_cna_basescore			7.3
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss3_nvd_basescore			9.8
cvss2_cna_av			N
cvss2_cna_ac			L
cvss2_cna_au			N
cvss2_cna_ci			P
cvss2_cna_ii			P
cvss2_cna_ai			P
cvss2_cna_basescore			7.5
cvss4_vuldb_av			N
cvss4_vuldb_ac			L
cvss4_vuldb_pr			N
cvss4_vuldb_ui			N
cvss4_vuldb_vc			L
cvss4_vuldb_vi			L
cvss4_vuldb_va			L
cvss4_vuldb_e			X
cvss4_vuldb_at			N
cvss4_vuldb_sc			N
cvss4_vuldb_si			N
cvss4_vuldb_sa			N
cvss4_vuldb_bscore			6.9
cvss4_vuldb_btscore			6.9

◂ Gurɗo Gumti Gada ▸

Might our Artificial Intelligence support you?

Check our Alexa App!