China National Vulnerability Database (cnvd): CNVD-2023-29381
Apr 16, 2023 - 12:00 a.m.

Online Computer and Laptop Store SQL Injection Vulnerability (CNVD-2023-29381)

2023-04-16 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
online computer and laptop store
sql injection
vulnerability
carlo montero
personal developer
update order status
validation
illegal sql commands
sensitive database data

EPSS: 0.001 (Low), Percentile: 50.9%

Online Computer and Laptop Store is an online computer and laptop store application developed by Carlo Montero, a personal developer. Online Computer and Laptop Store v1.0 is vulnerable to SQL injection in the file /classes/Master.php?f=update_order_status: the id parameter of the update_order_status function lacks validation of external input used in SQL statements. An attacker can use this vulnerability to execute illegal SQL commands and steal sensitive database data.
