First published: Thu Sep 22 2022
Online Pet Shop Web App v1.0 by oretnom23 is vulnerable to SQL injection via /pet_shop/classes/Master.php?f=delete_order,id.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Online Pet Shop Web Application Project Online Pet Shop Web Application | =1.0 |
The severity of CVE-2022-40933 is high with a CVSS score of 7.2.
CVE-2022-40933 affects the Online Pet Shop Web Application v1.0, which allows SQL injection via /pet_shop/classes/Master.php?f=delete_order,id.
To fix CVE-2022-40933 in the Online Pet Shop Web Application v1.0, developers should validate input and use parameterized queries so that request values cannot alter the SQL statement.
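The fix described above, sketched in PHP as an added example that is not the application's own code: a hypothetical `delete_order` handler that validates the `id` and binds it as a parameter. The `orders` table, its columns, and the use of PDO with an in-memory SQLite database are assumptions made so the example runs offline; the page does not show the application's database layer.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the delete_order action. Table and column
// names are assumptions, not taken from the application.
function delete_order(PDO $db, mixed $rawId): array
{
    // 1. Input validation: accept only a positive integer id.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return ['status' => 'failed', 'error' => 'invalid id'];
    }

    // Vulnerable pattern (CWE-89), shown for contrast only:
    //   $db->exec("DELETE FROM orders WHERE id = '{$rawId}'");
    // Here the request value becomes part of the SQL text itself.

    // 2. Parameterization: the id is bound as data and never becomes SQL text.
    $stmt = $db->prepare('DELETE FROM orders WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    return ['status' => 'success', 'deleted' => $stmt->rowCount()];
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, client TEXT)');
$db->exec("INSERT INTO orders (client) VALUES ('a'), ('b'), ('c')");

// Constructed inputs: a valid id, a non-integer value, and an empty value.
foreach (['2', '2 trailing-text', ''] as $input) {
    $result = delete_order($db, $input);
    $left = (int) $db->query('SELECT COUNT(*) FROM orders')->fetchColumn();
    printf("%-20s %s rows left: %d\n", var_export($input, true), json_encode($result), $left);
}
```

Validation alone is not the control here; the bound parameter is what keeps the value out of the statement text, and the integer check only rejects malformed requests early.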
SQL injection is a code injection technique used by attackers to exploit vulnerabilities in a web application's database layer, allowing them to manipulate or retrieve sensitive data.
The Common Weakness Enumeration (CWE) ID associated with CVE-2022-40933 is CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')).