Lucene search
K
E-commerce System ProjectE-commerce System

5 matches found

CVE
CVE
added 2023/03/20 9:0 a.m.67 views

CVE-2023-1505

CVE-2023-1505 describes a SQL injection in SourceCodester E-Commerce System 1.0, exploitable via the /ecommerce/admin/settings/setDiscount.php endpoint by manipulating the id parameter (example payload includes 201737 AND (SELECT 8973 FROM (SELECT(SLEEP(5)))OoAD)). This remote, high-severity flaw...

8.1CVSS6.8AI score0.00551EPSS
Web
CVE
CVE
added 2023/03/20 9:31 a.m.66 views

CVE-2023-1506

CVE-2023-1506 affects SourceCodester E-Commerce System 1.0. The vulnerability is in an unknown function of login.php where manipulation of the U_USERNAME parameter leads to SQL injection. It is exploitable remotely with high impact on confidentiality, integrity, and availability; exploit complexi...

8.1CVSS7AI score0.00506EPSS
CVE
CVE
added 2023/03/22 10:31 a.m.66 views

CVE-2023-1557

CVE-2023-1557 affects SourceCodester E-Commerce System 1.0. The vulnerability resides in the file at /ecommerce/admin/user/controller.php?action=edit within the Username Handler, where manipulating the USERID parameter leads to improper access controls. The issue is described as potentially explo...

9.8CVSS7.9AI score0.00457EPSS
Web
CVE
CVE
added 2023/03/20 10:0 a.m.56 views

CVE-2023-1507

CVE-2023-1507 affects SourceCodester E-Commerce System 1.0, specifically the Category Name Handler’s file /ecommerce/admin/category/controller.php. The vulnerability arises from manipulating the CATEGORY argument, enabling cross-site scripting (XSS). It can be exploited remotely, and the exploit ...

6.1CVSS4.8AI score0.00357EPSS
Web
CVE
CVE
added 2023/03/22 2:0 p.m.50 views

CVE-2023-1569

The CVE-2023-1569 entry concerns SourceCodester E-Commerce System 1.0. Affected component: the unknown functionality at admin/user/controller.php?action=edit. The vulnerability arises from manipulating the U_NAME parameter with input like , resulting in cross-site scripting. The issue can be expl...

5.4CVSS4.4AI score0.00491EPSS
Web