| Title | SourceCodester Online Eyewear Shop 1.0 SQL Injection |
|---|
| Description | ## Affected Version:
- **Online Eyewear Shop Website**: 1.0
## Vulnerability Information:
- **Vulnerability Type**: SQL Injection
- **Severity**: CRITICAL
- **Status**: Unpatched
## Vulnerable URL:
- `/admin/?page=inventory/view_inventory&id=2`
## Vulnerable File:
- `/admin/inventory/view_inventory`
## Vulnerability Description:
The Online Eyewear Shop Website version 1.0 contains a critical SQL injection vulnerability. An attacker can exploit this issue by manipulating the `id` parameter within the inventory viewing page of the admin panel (`/admin/?page=inventory/view_inventory&id=2`). By doing so, an attacker can retrieve sensitive data directly from the backend database, leading to potential data breaches. |
|---|
| Source | ⚠️ https://gist.github.com/higordiego/8679961c9d732e4068aaa37fd8d01439 |
|---|
| User | c4ttr4ck (UID 75518) |
|---|
| Submission | 10/11/2024 23:43 (2 years ago) |
|---|
| Moderation | 10/12/2024 08:32 (9 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 280181 [SourceCodester Online Eyewear Shop 1.0 view_inventory&id=2 ID sql injection] |
|---|
| Points | 20 |
|---|
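
A detection check for the issue described above, added here as an example and not part of the original submission: it scans web-server access logs for requests to the reported page whose `id` value is not a plain integer. The combined log format, the function name and the sample log lines are assumptions constructed for illustration, and treating `id` as numeric is inferred from the `id=2` in the reported URL.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Page and parameter named in the advisory.
TARGET_PAGE = "inventory/view_inventory"
PARAM = "id"

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"[0-9]+")

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Oct/2024:08:00:01 +0000] '
    '"GET /admin/?page=inventory/view_inventory&id=2 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Oct/2024:08:00:07 +0000] '
    '"GET /admin/?page=inventory/view_inventory&id=2%27 HTTP/1.1" 500 312',
    '203.0.113.9 - - [12/Oct/2024:08:00:09 +0000] '
    '"GET /admin/?page=inventory/view_inventory&id=two HTTP/1.1" 200 5120',
    '198.51.100.4 - - [12/Oct/2024:08:01:00 +0000] '
    '"GET /admin/?page=home&id=abc HTTP/1.1" 200 900',
]

def suspicious_requests(lines):
    """Return (line_number, decoded id) for hits on the page with a non-integer id."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.rstrip("/").endswith("/admin"):
            continue
        query = parse_qs(url.query, keep_blank_values=True)
        if TARGET_PAGE not in query.get("page", []):
            continue
        # parse_qs percent-decodes values, so encoded characters are compared decoded.
        for value in query.get(PARAM, []):
            if not INTEGER_RE.fullmatch(value):
                findings.append((number, value))
    return findings

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: non-integer id {value!r}")
```

A hit only shows that the parameter carried unexpected input; the fix itself belongs in the application, by validating `id` as an integer and using a parameterized query.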