2 matches found
SPA-Cart eCommerce CMS 1.9.0.3 SQL Injection Vulnerability
Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection Exploit Author: CraCkEr Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4548 CWE: CWE-89 - CWE-74 - CWE-707 Greetings...
CVE-2023-4548
CVE-2023-4548 affects SPA-Cart eCommerce CMS v1.9.0.3. A SQL injection flaw exists in the GET Parameter Handler’s GET parameter “filter[brandid]” within the /search endpoint, allowing remote abuse. Exploitation is demonstrated in public advisories and exploit listings (e.g., Exploit-DB, PacketSto...