The vulnerability of the `id` parameter in e-commerce web applications, as identified by SourceCoder in the “Online Shopping Alphaware” project, relates to the failure to protect the SQL query structure. This vulnerability allows attackers to execute arbitrary SQL commands and gain access to confidential data.

🗓️ 08 Sep 2021 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Vulnerability in the id parameter of ecommerce apps allows database injection, enabling arbitrary commands and access to confidential data.

Reporter	Title	Published	Views	Family All 10
CNNVD	Sourcecodester Online Shopping Alphaware SQL注入漏洞	2 Jun 202100:00	–	cnnvd
CNVD	Sourcecodester Online Shopping Alphaware SQL Injection Vulnerability	4 Jun 202100:00	–	cnvd
CNVD	Sourcecodester Online Shopping Alphaware SQL Injection Vulnerability (CNVD-2021-95931)	4 Jun 202100:00	–	cnvd
CVE	CVE-2020-25362	2 Jun 202116:50	–	cve
Cvelist	CVE-2020-25362	2 Jun 202116:50	–	cvelist
EUVD	EUVD-2020-18049	7 Oct 202500:30	–	euvd
NVD	CVE-2020-25362	2 Jun 202117:15	–	nvd
OSV	CVE-2020-25362	2 Jun 202117:15	–	osv
Prion	Sql injection	2 Jun 202117:15	–	prion
RedhatCVE	CVE-2020-25362	22 May 202515:21	–	redhatcve

Vulners

Node

online_shopping_alphaware online_shopping_alphawareRange≤1.0

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-25362
vuldb	www.vuldb.com/
exploit-db	www.exploit-db.com/exploits/48771
sourcecodester	www.sourcecodester.com/download-code
sourcecodester	www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html
web	www.web.nvd.nist.gov/view/vuln/detail

08 Sep 2021 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 25

CVSS 37.5

EPSS0.01298

id parameter ecommerce applications database injection arbitrary commands confidential data