Lucene search
China National Vulnerability DatabaseCNVD-2023-29384HistoryApr 11, 2023 - 12:00 a.m.
Online Computer and Laptop Store SQL Injection Vulnerability (CNVD-2023-29384)
2023-04-1100:00:00
China National Vulnerability Database
www.cnvd.org.cn
9
online computer and laptop store
sql injection
vulnerability
carlo montero
date_start
date_end
file
admin
sales
attackers
sensitive database data
0.001 Low
EPSS
Percentile
47.6%
Online Computer and Laptop Store is an online computer and laptop store from Carlo Monteroβs personal developer. Online Computer and Laptop Store v1.0 is vulnerable to SQL injection. The vulnerability stems from the lack of validation of externally entered SQL statements in the parameter date_start/date_end in the file /admin/sales/index.php, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data.
| CPE | Name | Operator | Version |
|---|---|---|---|
| carlo montero online computer and laptop store v | eq | 1.0 |
Related
prion
prion
Sql injection
2023-04-08 10:15:00
nvd
nvd
CVE-2023-1953
2023-04-08 10:15:06
cve
cve
CVE-2023-1953
2023-04-08 10:15:06
cvelist
cvelist