{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-1505","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2023-03-20T07:32:49.171Z","datePublished":"2023-03-20T09:00:06.223Z","dateUpdated":"2024-08-02T05:49:11.667Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2023-10-21T09:48:40.442Z"},"title":"SourceCodester E-Commerce System setDiscount.php sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"CWE-89 SQL Injection"}]}],"affected":[{"vendor":"SourceCodester","product":"E-Commerce System","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability, which was classified as critical, has been found in SourceCodester E-Commerce System 1.0. This issue affects some unknown processing of the file /ecommerce/admin/settings/setDiscount.php. The manipulation of the argument id with the input 201737 AND (SELECT 8973 FROM (SELECT(SLEEP(5)))OoAD) leads to sql injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-223409 was assigned to this vulnerability."},{"lang":"de","value":"Eine Schwachstelle wurde in SourceCodester E-Commerce System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /ecommerce/admin/settings/setDiscount.php. Durch Beeinflussen des Arguments id mit der Eingabe 201737 AND (SELECT 8973 FROM (SELECT(SLEEP(5)))OoAD) mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Die Komplexität eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":5,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":5,"vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":4.6,"vectorString":"AV:N/AC:H/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2023-03-20T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2023-03-20T00:00:00.000Z","lang":"en","value":"CVE reserved"},{"time":"2023-03-20T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2023-04-12T06:19:31.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"WWesleywww (VulDB User)","type":"analyst"}],"references":[{"url":"https://vuldb.com/?id.223409","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.223409","tags":["signature"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T05:49:11.667Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.223409","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.223409","tags":["signature","x_transferred"]}]}]}}