Required CVE Record Information
Description
A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /summary.php. The manipulation of the argument tid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 4 Total
| Score | Severity | Version | Vector String |
|---|---|---|---|
| 5.3 | MEDIUM | 4.0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| 6.3 | MEDIUM | 3.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| 6.3 | MEDIUM | 3.0 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| 6.5 | — | 2.0 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Credits
- lio346 (VulDB User) reporter
References 5 Total
- vuldb.com: VDB-290145 | code-projects Online Shoe Store summary.php sql injection vdb-entrytechnical-description
- vuldb.com: VDB-290145 | CTI Indicators (IOB, IOC, TTP, IOA) signaturepermissions-required
- vuldb.com: Submit #474038 | code-projects Online Shoe Store 1.0 SQL Injection third-party-advisory
- https://gist.github.com/th4s1s/24925a20d1f9336858dee1cbbb30c249 exploit
- https://code-projects.org/ product