{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-3298","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-04-04T18:03:29.489Z","datePublished":"2025-04-05T10:31:05.710Z","dateUpdated":"2025-04-07T16:27:54.580Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-04-05T10:31:05.710Z"},"title":"SourceCodester Online Eyewear Shop Registration Master.php access control","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-284","lang":"en","description":"Improper Access Controls"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-266","lang":"en","description":"Incorrect Privilege Assignment"}]}],"affected":[{"vendor":"SourceCodester","product":"Online Eyewear Shop","versions":[{"version":"1.0","status":"affected"}],"modules":["Registration Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Registration Handler. The manipulation of the argument email leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."},{"lang":"de","value":"In SourceCodester Online Eyewear Shop 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /oews/classes/Master.php?f=save_product der Komponente Registration Handler. Durch die Manipulation des Arguments email mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":4.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":4,"vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N"}}],"timeline":[{"time":"2025-04-04T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-04-04T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-04-04T20:08:36.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"foreverfeifei (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.303493","name":"VDB-303493 | SourceCodester Online Eyewear Shop Registration Master.php access control","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.303493","name":"VDB-303493 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.550010","name":"Submit #550010 | sourcecodester Online Eyewear Shop Website v1.0 Any user registration","tags":["third-party-advisory"]},{"url":"https://github.com/foreverfeifei/cve/blob/main/user.md","tags":["exploit"]},{"url":"https://www.sourcecodester.com/","tags":["product"]}]},"adp":[{"references":[{"url":"https://github.com/foreverfeifei/cve/blob/main/user.md","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-04-07T16:27:31.193424Z","id":"CVE-2025-3298","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-07T16:27:54.580Z"}}]}}