First published: Fri Jul 28 2023(Updated: )
A vulnerability has been found in SourceCodester Online Jewelry Store 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235606 is the identifier assigned to this vulnerability.
Credit: cna@vuldb.com cna@vuldb.com
Affected Software | Affected Version | How to fix |
---|---|---|
Online Jewelry Store Project Online Jewelry Store | =1.0 | |
=1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-3985 is critical with a severity value of 9.8.
The affected software by CVE-2023-3985 is SourceCodester Online Jewelry Store 1.0.
CVE-2023-3985 introduces a SQL injection vulnerability in the login.php file of SourceCodester Online Jewelry Store 1.0, which can be exploited remotely.
Yes, you can find references for CVE-2023-3985 at the following links: [Reference 1](https://github.com/MaxLiu98/Jewelry-Store-System/blob/main/Jewelry%20Store%20System%20login.php%20has%20Sqlinjection.pdf), [Reference 2](https://vuldb.com/?ctiid.235606), [Reference 3](https://vuldb.com/?id.235606).
The Common Weakness Enumeration (CWE) of CVE-2023-3985 is CWE-89.