5 matches found
CVE-2023-1505
CVE-2023-1505 describes a SQL injection in SourceCodester E-Commerce System 1.0, exploitable via the /ecommerce/admin/settings/setDiscount.php endpoint by manipulating the id parameter (example payload includes 201737 AND (SELECT 8973 FROM (SELECT(SLEEP(5)))OoAD)). This remote, high-severity flaw...
CVE-2023-1506
CVE-2023-1506 affects SourceCodester E-Commerce System 1.0. The vulnerability is in an unknown function of login.php where manipulation of the U_USERNAME parameter leads to SQL injection. It is exploitable remotely with high impact on confidentiality, integrity, and availability; exploit complexi...
CVE-2023-1557
CVE-2023-1557 affects SourceCodester E-Commerce System 1.0. The vulnerability resides in the file at /ecommerce/admin/user/controller.php?action=edit within the Username Handler, where manipulating the USERID parameter leads to improper access controls. The issue is described as potentially explo...
CVE-2023-1507
CVE-2023-1507 affects SourceCodester E-Commerce System 1.0, specifically the Category Name Handler’s file /ecommerce/admin/category/controller.php. The vulnerability arises from manipulating the CATEGORY argument, enabling cross-site scripting (XSS). It can be exploited remotely, and the exploit ...
CVE-2023-1569
The CVE-2023-1569 entry concerns SourceCodester E-Commerce System 1.0. Affected component: the unknown functionality at admin/user/controller.php?action=edit. The vulnerability arises from manipulating the U_NAME parameter with input like , resulting in cross-site scripting. The issue can be expl...