CVE-2023-7107

A vulnerability was found in code-projects E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file user_signup.php. The manipulation of the argument firstname/middlename/email/address/contact/username leads to sql injection. The attack may be launched remotely. VDB-249002 is the identifier assigned to this vulnerability.

CVSS v3 7.3 HIGH
CVSS v2.0 7.5 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%203.md	Exploit
https://vuldb.com/?ctiid.249002	Permissions Required VDB Entry
https://vuldb.com/?id.249002	Third Party Advisory VDB Entry
https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%203.md	Exploit
https://vuldb.com/?ctiid.249002	Permissions Required VDB Entry
https://vuldb.com/?id.249002	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:fabianros:e-commerce_website:1.0:*:*:*:*:*:*:*

History

06 Dec 2024, 19:53

Type	Values Removed	Values Added
First Time		Fabianros Fabianros e-commerce Website
CPE		cpe:2.3:a:fabianros:e-commerce_website:1.0:::::::*
References	~~() https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%203.md -~~	() https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%203.md - Exploit
References	~~() https://vuldb.com/?ctiid.249002 -~~	() https://vuldb.com/?ctiid.249002 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.249002 -~~	() https://vuldb.com/?id.249002 - Third Party Advisory, VDB Entry

21 Nov 2024, 08:45

Type	Values Removed	Values Added
References	~~() https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%203.md -~~	() https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%203.md -
References	~~() https://vuldb.com/?ctiid.249002 -~~	() https://vuldb.com/?ctiid.249002 -
References	~~() https://vuldb.com/?id.249002 -~~	() https://vuldb.com/?id.249002 -

29 Feb 2024, 01:42

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-29 01:42

Updated : 2024-12-06 19:53

NVD link : CVE-2023-7107

Mitre link : CVE-2023-7107

CVE.ORG link : CVE-2023-7107

JSON object : View

Products Affected

fabianros

e-commerce_website

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

7.3 /10