Lucene search

INCIBECVELIST:CVE-2024-4826

HistoryMay 16, 2024 - 12:07 p.m.

CVE-2024-4826 SQL injection vulnerability in Simple PHP Shopping Cart

2024-05-1612:07:01

CWE-89

INCIBE

www.cve.org

cve-2024-4826

sql injection

simple php shopping cart

version 0.9

database

sanitisation

category.php

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS4

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

EPSS

Percentile

9.0%

JSON

SQL injection vulnerability in Simple PHP Shopping Cart affecting version 0.9. This vulnerability could allow an attacker to retrieve all the information stored in the database by sending a specially crafted SQL query, due to the lack of proper sanitisation of the category_id parameter in the category.php file.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Simple PHP Shopping Cart",
    "vendor": "Asaancart",
    "versions": [
      {
        "status": "affected",
        "version": "0.9"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-simple-php-shopping-cart

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS4

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-4826