| Title | kurniaramadhan Ecommerce-PHP-kurniaramadhan-1.0 1.0 SQL Injection |
|---|
| Description | Title of the Vulnerability: SQL Injection to XSS
Finder & Exploit Owner: Maloy Roy Orko
Vulnerability Class: SQL Injection & XSS
Product Name: E-Commerce-PHP
Vendor: kurniaramadhan
Vendor Link: https://github.com/kurniaramadhan
Vulnerable Product Link: https://github.com/kurniaramadhan/E-Commerce-PHP
Affected Components:
ID Parameters, Admin Panel Create Product Fields
Suggested Description:
SQL Injection in "parameters" in "E-commerce PHP application By kurniaramadhan v 1.0" allows "remote" attacker "to dump database, gain admin access and leads to XSS as create product fields aren't protected" via "all parameters and create product fields".
Attack Vectors:
To exploit the vulnerability, the attacker has to input exploits via parameters; he can then dump the whole database or gain admin credentials and log in as admin, and as the create product fields are not protected, XSS can be exploited there.
Detailed Blog: https://www.websecurityinsights.my.id/2024/12/ecommerce-php-by-kurniaramadhan-sql.html?m=1
|
|---|
| Source | ⚠️ https://www.websecurityinsights.my.id/2024/12/ecommerce-php-by-kurniaramadhan-sql.html?m=1 |
|---|
| User | MaloyRoyOrko (UID 79572) |
|---|
| Submission | 12/28/2024 17:27 (1 Year ago) |
|---|
| Moderation | 01/08/2025 15:58 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 290798 [kurniaramadhan E-Commerce-PHP 1.0 Create Product Page create_product.php Name cross site scripting] |
|---|
| Points | 20 |
|---|