SourceCodester Online Eyewear Shop 1.0 id sql injection

ArtículoHistoryDiffjsonxmlCTI

Una vulnerabilidad fue encontrada en SourceCodester Online Eyewear Shop 1.0 y clasificada como crítica. Una función desconocida del archivo oews/?p=products/view_product.php es afectada por esta vulnerabilidad. Mediante la manipulación del parámetro id de un input desconocido se causa una vulnerabilidad de clase sql injection. La vulnerabilidad es identificada como CVE-2023-0673. El ataque se puede efectuar a través de la red. Los detalles técnicos son conocidos. Fue declarado como proof-of-concept. Una solución posible ha sido publicada antes y no simplemente después de la publicación de la vulnerabilidad.

Campo	2023-02-20 15:36	2023-03-05 07:45	2023-03-05 07:51
vendor	SourceCodester	SourceCodester	SourceCodester
name	Online Eyewear Shop	Online Eyewear Shop	Online Eyewear Shop
version	1.0	1.0	1.0
file	oews/?p=products/view_product.php	oews/?p=products/view_product.php	oews/?p=products/view_product.php
argument	id	id	id
cwe	89 (sql injection)	89 (sql injection)	89 (sql injection)
risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	H	H	H
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
availability	1	1	1
cve	CVE-2023-0673	CVE-2023-0673	CVE-2023-0673
responsible	VulDB	VulDB	VulDB
date	1675465200 (2023-02-04)	1675465200 (2023-02-04)	1675465200 (2023-02-04)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	H	H	H
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	4.6	4.6	4.6
cvss2_vuldb_tempscore	3.9	3.9	3.9
cvss3_vuldb_basescore	5.0	5.0	5.0
cvss3_vuldb_tempscore	4.6	4.6	4.6
cvss3_meta_basescore	6.9	6.9	7.1
cvss3_meta_tempscore	6.7	6.7	7.0
price_0day	$0-$5k	$0-$5k	$0-$5k
cvss2_researcher_ai	C	C	C
cvss3_researcher_c	H	H	H
cvss3_researcher_e	X	X	X
cvss3_researcher_ui	N	N	N
cvss3_researcher_pr	L	L	L
company_website	https://cyberpartners.it/	https://cyberpartners.it/	https://cyberpartners.it/
cvss3_researcher_a	H	H	H
cvss3_researcher_ac	L	L	L
cvss2_researcher_e	ND	ND	ND
cvss2_researcher_av	N	N	N
cvss2_researcher_ac	L	L	L
person_name	Pierfrancesco Conti	Pierfrancesco Conti	Pierfrancesco Conti
cvss3_researcher_av	N	N	N
cvss2_researcher_ci	C	C	C
cvss3_researcher_i	H	H	H
company_name	Cyber Partners	Cyber Partners	Cyber Partners
cvss3_researcher_s	U	U	U
cvss2_researcher_au	S	S	S
cvss2_researcher_ii	C	C	C
cvss2_researcher_basescore	9.0	9.0	9.0
cvss3_researcher_basescore	8.8	8.8	8.8
person_mail	secpconti@***.*	secpconti@***.*	secpconti@***.*
cve_assigned		1675465200 (2023-02-04)	1675465200 (2023-02-04)
cve_nvd_summary		A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/?p=products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-220195.	A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/?p=products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-220195.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			N
cvss2_nvd_ac			H
cvss2_nvd_au			S
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss3_cna_av			N
cvss3_cna_ac			H
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			4.6
cvss3_nvd_basescore			9.8
cvss3_cna_basescore			5.0

◂ Anterior Visión De Conjunto Próximo ▸

Interested in the pricing of exploits?

See the underground prices here!