{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-5373","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2023-10-04T06:43:59.494Z","datePublished":"2023-10-04T12:31:04.960Z","dateUpdated":"2024-08-02T07:59:43.680Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2023-10-05T05:30:54.863Z"},"title":"SourceCodester Online Computer and Laptop Store Master.php register sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"CWE-89 SQL Injection"}]}],"affected":[{"vendor":"SourceCodester","product":"Online Computer and Laptop Store","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function register of the file Master.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-241254 is the identifier assigned to this vulnerability."},{"lang":"de","value":"Es wurde eine kritische Schwachstelle in SourceCodester Online Computer and Laptop Store 1.0 entdeckt. Betroffen hiervon ist die Funktion register der Datei Master.php. Mit der Manipulation des Arguments email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":7.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":7.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":7.5,"vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}],"timeline":[{"time":"2023-10-04T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2023-10-04T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2023-10-04T08:49:21.000Z","lang":"en","value":"VulDB last update"}],"credits":[{"lang":"en","value":"szlllc (VulDB User)","type":"analyst"}],"references":[{"url":"https://vuldb.com/?id.241254","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.241254","tags":["signature","permissions-required"]},{"url":"https://github.com/Szlllc/Cve/blob/main/Computer%20and%20Laptop%20Store%20System%20Master.php%20has%20Sqlinjection.pdf","tags":["exploit"]}]},"adp":[{"affected":[{"vendor":"sourcecodester","product":"online_computer_and_laptop_store","cpes":["cpe:2.3:a:sourcecodester:online_computer_and_laptop_store:1.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"1.0","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-11T18:56:31.369238Z","id":"CVE-2023-5373","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-11T18:58:08.856Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T07:59:43.680Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.241254","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.241254","tags":["signature","permissions-required","x_transferred"]},{"url":"https://github.com/Szlllc/Cve/blob/main/Computer%20and%20Laptop%20Store%20System%20Master.php%20has%20Sqlinjection.pdf","tags":["exploit","x_transferred"]}]}]}}