CVE-2023-1505
CVE-2023-1505 describes a SQL injection in SourceCodester E-Commerce System 1.0, exploitable via the /ecommerce/admin/settings/setDiscount.php endpoint by manipulating the id parameter (example payload includes 201737 AND (SELECT 8973 FROM (SELECT(SLEEP(5)))OoAD)). This remote, high-severity flaw...