CVE-2023-7107

A vulnerability was found in code-projects E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file user_signup.php. The manipulation of the argument firstname/middlename/email/address/contact/username leads to sql injection. The attack may be launched remotely. VDB-249002 is the identifier assigned to this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:fabianros:e-commerce_website:1.0:*:*:*:*:*:*:*

History

06 Dec 2024, 19:53

Type Values Removed Values Added
References () https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%203.md - () https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%203.md - Exploit
References () https://vuldb.com/?ctiid.249002 - () https://vuldb.com/?ctiid.249002 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.249002 - () https://vuldb.com/?id.249002 - Third Party Advisory, VDB Entry
CPE cpe:2.3:a:fabianros:e-commerce_website:1.0:*:*:*:*:*:*:*
First Time Fabianros
Fabianros e-commerce Website

21 Nov 2024, 08:45

Type Values Removed Values Added
References () https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%203.md - () https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%203.md -
References () https://vuldb.com/?ctiid.249002 - () https://vuldb.com/?ctiid.249002 -
References () https://vuldb.com/?id.249002 - () https://vuldb.com/?id.249002 -

21 Mar 2024, 02:50

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en code-projects E-Commerce Website 1.0. Ha sido calificada como crítica. Una función desconocida del archivo user_signup.php es afectada por esta vulnerabilidad. La manipulación del argumento nombre/segundo nombre/correo electrónico/dirección/contacto/nombre de usuario conduce a la inyección de SQL. El ataque puede lanzarse de forma remota. VDB-249002 es el identificador asignado a esta vulnerabilidad.

29 Feb 2024, 01:42

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-29 01:42

Updated : 2024-12-06 19:53


NVD link : CVE-2023-7107

Mitre link : CVE-2023-7107

CVE.ORG link : CVE-2023-7107


JSON object : View

Products Affected

fabianros

  • e-commerce_website
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')