CVE-2023-43610

2023-09-2715:19:34

CWE-89

[email protected]

web.nvd.nist.gov

cve-2023-43610

sql injection

welcart e-commerce

nvd

order data edit page

security vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

JSON

SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations.

Affected configurations

Vulners

NVD

Node

collne_inc.welcart_e-commerceRange2.7–2.8.21

CPENameOperatorVersion
collne:welcart_e-commercecollne welcart e-commercele2.8.21

CPE	Name	Operator	Version
collne:welcart_e-commerce	collne welcart e-commerce	le	2.8.21

CNA Affected

[
  {
    "vendor": "Collne Inc.",
    "product": "Welcart e-Commerce",
    "versions": [
      {
        "version": "versions 2.7 to 2.8.21",
        "status": "affected"
      }
    ]
  }
]