CVE-2022-2957: SQL Injection
First published: Thu Aug 25 2022(Updated: )
A vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation of the argument mem_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207001 was assigned to this vulnerability.
Credit: cna@vuldb.com cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Simple And Nice Shopping Cart Script Project Simple And Nice Shopping Cart Script |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-2957?
CVE-2022-2957 is a critical vulnerability found in SourceCodester Simple and Nice Shopping Cart Script, allowing remote attackers to launch SQL injection attacks.
Which version of Simple and Nice Shopping Cart Script is affected by CVE-2022-2957?
All versions of Simple and Nice Shopping Cart Script are affected by CVE-2022-2957.
What is the severity of CVE-2022-2957?
CVE-2022-2957 has a severity rating of critical (9.8).
What is the CWE ID of CVE-2022-2957?
CVE-2022-2957 is associated with CWE IDs 89, 707, and 74.
How do I fix the vulnerability CVE-2022-2957?
To fix CVE-2022-2957, it is recommended to apply the latest security patches or updates provided by Simple and Nice Shopping Cart Script.
- collector/nvd-index
- agent/type
- agent/references
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/simple and nice shopping cart script project
- canonical/simple and nice shopping cart script project simple and nice shopping cart script