CVE-2023-3457: SourceCodester Shopping Website index.php sql injection
First published: Thu Jun 29 2023(Updated: )
A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232674 is the identifier assigned to this vulnerability.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Shopping Website | =1.0 | |
| Shopping Website | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-3457?
CVE-2023-3457 is classified as a critical vulnerability.
How does CVE-2023-3457 impact the system?
CVE-2023-3457 allows for SQL injection through manipulation of the username argument in the index.php file.
Who is affected by CVE-2023-3457?
CVE-2023-3457 affects users of SourceCodester Shopping Website version 1.0.
Can CVE-2023-3457 be exploited remotely?
Yes, CVE-2023-3457 can be exploited remotely.
What steps should be taken to mitigate CVE-2023-3457?
To mitigate CVE-2023-3457, it is recommended to sanitize input and implement prepared statements to prevent SQL injection.
- agent/type
- agent/first-publish-date
- agent/references
- agent/severity
- agent/title
- agent/weakness
- agent/description
- agent/softwarecombine
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- vendor/sanchitkmr
- canonical/shopping website
- version/shopping website/1.0
- vendor/shopping website project