| शीर्षक | SourceCodester Online Eyewear Shop 1.0 SQL Injection |
|---|
| विवरण | A critical SQL injection vulnerability has been identified in the "Add to Cart" feature of the Online Eyewear Shop Website version 1.0. The flaw is triggered through the `product_id` parameter sent via a POST request to the endpoint `classes/Master.php?f=add_to_card`. Attackers can manipulate the `product_id` input to execute arbitrary SQL commands, leading to unauthorized access and potential data breaches.
This vulnerability compromises the backend database, allowing attackers to extract sensitive information or disrupt normal operations. As there is no patch available, the risk remains critical. |
|---|
| स्रोत | ⚠️ https://gist.github.com/higordiego/2373b9e3e89f03e5f8888efd38eb4b48 |
|---|
| उपयोगकर्ता | c4ttr4ck (UID 75518) |
|---|
| सबमिशन | 13/10/2024 10:52 PM (2 साल पहले) |
|---|
| संयम | 15/10/2024 07:09 AM (1 day later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 280339 [SourceCodester Online Eyewear Shop 1.0 POST Request Master.php?f=add_to_card product_id SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|