Vulnerabilities > CVE-2023-0686 - Unspecified vulnerability in Oretnom23 Online Eyewear Shop 1.0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

oretnom23

critical

NVD

Published: 2023-02-06

Updated: 2024-11-21

Summary

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The identifier VDB-220245 was assigned to this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Oretnom23 Oretnom23 Online Eyewear Shop 1.0	1

References

https://vuldb.com/?ctiid.220245
https://vuldb.com/?ctiid.220245
https://vuldb.com/?id.220245
https://vuldb.com/?id.220245