Lucene search

JpcertVULNRICHMENT:CVE-2023-43610

HistorySep 26, 2023 - 8:19 a.m.

CVE-2023-43610

2023-09-2608:19:11

jpcert

github.com

sql injection

welcart e-commerce

vulnerability

order data edit

privilege escalation

AI Score

7.8

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations.

References

jvn.jp/en/jp/JVN97197972/

www.welcart.com/archives/20106.html