VDB-249001 · CVE-2023-7106 · GCVE-100-249001

code-projects E-Commerce Website 1.0 product_details.php?prod_id=11 prod_id SQL ଇଞ୍ଜେକ୍ସନ

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu code-projects E-Commerce Website 1.0 keessatti argameera. Miidhaan irra gahe is hojii hin beekamne faayilii product_details.php?prod_id=11 keessa. Dhugumatti jijjiirraa irratti raawwatame prod_id gara SQL ଇଞ୍ଜେକ୍ସନ geessa. Waliigalteewwan CWE fayyadamuun rakkoo ibsuun gara CWE-89 si geessa. Beekumsi kun yeroo 12/25/2023 ifoomsifameera. Odeeffannoon kun buufachuuf github.com irratti dhiyaateera. Dogoggorri kun maqaa CVE-2023-7106 jedhuun tajaajilama. Weerara fageenya irraa jalqabuun ni danda'ama. Odeeffannoon teeknikaa ni argama. Akka dabalataan, meeshaa balaa kana fayyadamuuf argama. Qorannoo miidhaa (exploit) beeksifamee jira, namoonni itti fayyadamuu danda'u. Yeroo ammaa, gatii exploit might be approx. USD $0-$5k beekamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee murtaa’eera. Exploit kana github.com irraa buufachuu ni dandeessa. Waggaa 0-day ta'ee, gatiin isaa daldala dhoksaa keessatti $0-$5k jedhamee tilmaamame. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

3 ଆଡାପ୍ଟେସନ୍ · 87 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 12/25/2023 03:16 PM	ଅଦ୍ୟତନ 1/2 01/19/2024 09:00 AM	ଅଦ୍ୟତନ 2/2 12/06/2024 09:08 PM
software_vendor	code-projects	code-projects	code-projects
software_name	E-Commerce Website	E-Commerce Website	E-Commerce Website
software_version	1.0	1.0	1.0
software_file	product_details.php?prod_id=11	product_details.php?prod_id=11	product_details.php?prod_id=11
software_argument	prod_id	prod_id	prod_id
vulnerability_cwe	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%202.md	https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%202.md	https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%202.md
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%202.md	https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%202.md	https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%202.md
source_cve	CVE-2023-7106	CVE-2023-7106	CVE-2023-7106
cna_responsible	VulDB	VulDB	VulDB
advisory_date	1703458800 (12/25/2023)	1703458800 (12/25/2023)	1703458800 (12/25/2023)
software_type	E-Commerce Management Software	E-Commerce Management Software	E-Commerce Management Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	7.1
cvss3_meta_tempscore	5.7	5.7	6.9
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1703458800 (12/25/2023)	1703458800 (12/25/2023)
cve_nvd_summary		A vulnerability was found in code-projects E-Commerce Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file product_details.php?prod_id=11. The manipulation of the argument prod_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249001 was assigned to this vulnerability.	A vulnerability was found in code-projects E-Commerce Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file product_details.php?prod_id=11. The manipulation of the argument prod_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249001 was assigned to this vulnerability.
cve_nvd_summaryes			Se encontró una vulnerabilidad en code-projects E-Commerce Website 1.0. Ha sido declarada crítica. Una funcionalidad desconocida del archivo product_details.php?prod_id=11 es afectada por esta vulnerabilidad. La manipulación del argumento prod_id conduce a la inyección de SQL. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-249001.
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cvss3_cna_basescore			6.3
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			L
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss3_nvd_basescore			8.8
cvss2_cna_av			N
cvss2_cna_ac			L
cvss2_cna_au			S
cvss2_cna_ci			P
cvss2_cna_ii			P
cvss2_cna_ai			P
cvss2_cna_basescore			6.5
cvss4_vuldb_av			N
cvss4_vuldb_ac			L
cvss4_vuldb_pr			L
cvss4_vuldb_ui			N
cvss4_vuldb_vc			L
cvss4_vuldb_vi			L
cvss4_vuldb_va			L
cvss4_vuldb_e			P
cvss4_vuldb_at			N
cvss4_vuldb_sc			N
cvss4_vuldb_si			N
cvss4_vuldb_sa			N
cvss4_vuldb_bscore			5.3
cvss4_vuldb_btscore			2.1

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Interested in the pricing of exploits?

See the underground prices here!