cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2025-0173,https://securityvulnerability.io/vulnerability/CVE-2025-0173,SQL Injection Vulnerability in SourceCodester Online Eyewear Shop 1.0,"A SQL injection vulnerability has been identified in the SourceCodester Online Eyewear Shop version 1.0. The issue is located in the /orders/view_order.php file, where an attacker can manipulate the 'id' parameter. This manipulation may allow unauthorized access to sensitive data, thereby compromising the application's data integrity and security. The vulnerability can be exploited remotely, making it imperative for users and administrators to take proactive measures to patch and secure their systems.",Sourcecodester,Online Eyewear Shop,5.3,MEDIUM,0.00044999999227002263,false,false,false,true,true,false,false,2025-01-02T17:31:05.618Z,0
CVE-2024-9974,https://securityvulnerability.io/vulnerability/CVE-2024-9974,SQL Injection Vulnerability in SourceCodester Eyewear Shop Application,"A critical SQL injection vulnerability has been identified in the SourceCodester Online Eyewear Shop version 1.0, specifically in the POST request handler located at classes/Master.php?f=add_to_card. The vulnerability arises when the product_id parameter is manipulated, potentially allowing attackers to execute unauthorized SQL queries against the application's database. This flaw poses a significant risk as it can be exploited remotely, leading to data breaches that compromise the integrity and confidentiality of sensitive information. It is crucial for users and administrators to implement immediate mitigations to protect their systems from potential exploitation.",Sourcecodester,Online Eyewear Shop,9.8,CRITICAL,0.0006300000241026282,false,false,false,true,true,false,false,2024-10-15T09:31:07.285Z,0
CVE-2024-9973,https://securityvulnerability.io/vulnerability/CVE-2024-9973,Remote SQL Injection Vulnerability in SourceCodester Online Eyewear Shop Report Viewing Page,"A vulnerability exists in SourceCodester Online Eyewear Shop 1.0, specifically within the Report Viewing Page component. This issue is triggered by improper handling of the 'date' parameter in the /admin/?page=reports file, leading to a SQL injection attack that can be executed remotely. With the exploit having been made public, it poses a considerable risk to users and requires immediate attention to mitigate potential security breaches.",Sourcecodester,Online Eyewear Shop,9.8,CRITICAL,0.0006300000241026282,false,false,false,true,true,false,false,2024-10-15T09:31:05.293Z,0
CVE-2024-9952,https://securityvulnerability.io/vulnerability/CVE-2024-9952,Cross Site Scripting Vulnerability in Online Eyewear Shop 1.0,"A security vulnerability has been identified in the SourceCodester Online Eyewear Shop version 1.0, specifically within the Contact Information Page. The issue arises from improper handling of input parameters, particularly the Address argument in the file /admin/?page=system_info/contact_info. This flaw allows attackers to execute cross-site scripting (XSS) attacks, potentially enabling them to inject malicious scripts into web pages viewed by users. The vulnerability can be exploited remotely, increasing the risk of unauthorized access and manipulation of data. Furthermore, other parameters within the application may also be susceptible to similar exploitation.",Sourcecodester,Online Eyewear Shop,4.8,MEDIUM,0.0006600000197067857,false,false,false,true,true,false,false,2024-10-15T02:00:06.101Z,0
CVE-2024-9906,https://securityvulnerability.io/vulnerability/CVE-2024-9906,Cross Site Scripting Vulnerability in SourceCodester Online Eyewear Shop,"An undisclosed function within the SourceCodester Online Eyewear Shop 1.0 is vulnerable to cross site scripting through the argument manipulation in the URL. Specifically, the endpoint /admin/?page=inventory/view_inventory&id=2 is susceptible to this exploit, which could allow remote attackers to execute arbitrary scripts in the context of a user's browser. This vulnerability poses a risk of exposing sensitive user information and modifying the way the web application behaves, potentially leading to phishing or other malicious activities.",Sourcecodester,Online Eyewear Shop,5.4,MEDIUM,0.0006600000197067857,false,false,false,true,true,false,false,2024-10-13T04:00:06.743Z,0
CVE-2024-9905,https://securityvulnerability.io/vulnerability/CVE-2024-9905,SQL Injection Vulnerability in SourceCodester Online Eyewear Shop,"A vulnerability has been discovered in the SourceCodester Online Eyewear Shop 1.0, which allows attackers to execute SQL injection through manipulated parameters in the file '/admin/?page=inventory/view_inventory&id=2'. This critical flaw enables unauthorized users to access and potentially alter database information, posing significant risks to data confidentiality and integrity. The nature of this vulnerability suggests that it can be exploited remotely, highlighting the urgent need for users to implement security patches and mitigate exposure to this risk. Public disclosure of the exploit amplifies the urgency for affected entities to take action.",Sourcecodester,Online Eyewear Shop,8.8,HIGH,0.0007300000288523734,false,false,false,true,true,false,false,2024-10-13T02:31:04.538Z,0
CVE-2024-9809,https://securityvulnerability.io/vulnerability/CVE-2024-9809,SQL Injection Vulnerability in SourceCodester Online Eyewear Shop,"An SQL injection vulnerability has been identified in the SourceCodester Online Eyewear Shop version 1.0. This critical flaw arises from improper handling of the 'id' argument in the delete_product function located in Master.php. When exploited, this vulnerability allows attackers to execute arbitrary SQL queries against the database, which could lead to unauthorized data manipulation or exposure. The flaw can be exploited remotely, making it imperative for users of this software to apply security patches or consider alternative solutions. Awareness and proactive measures are essential to safeguard against potential exploits that have already been publicly disclosed.",Sourcecodester,Online Eyewear Shop,6.5,MEDIUM,0.001449999981559813,false,false,false,true,true,false,false,2024-10-10T19:31:07.082Z,0
CVE-2024-9808,https://securityvulnerability.io/vulnerability/CVE-2024-9808,SQL Injection Vulnerability in SourceCodester Online Eyewear Shop,"A significant vulnerability has been identified in SourceCodester's Online Eyewear Shop version 1.0, particularly affecting an unidentified function in the admin interface, specifically the '/admin/?page=products/view_product' endpoint. This vulnerability arises from improper handling of user-supplied input, allowing attackers to manipulate the 'id' argument to execute SQL injection attacks remotely. The exploitation of this vulnerability could lead to unauthorized access to the underlying database, enabling attackers to retrieve sensitive information or alter the application's data integrity. This flaw has been publicly disclosed, highlighting the urgent need for affected users to implement security patches and protective measures.",Sourcecodester,Online Eyewear Shop,6.5,MEDIUM,0.001449999981559813,false,false,false,true,true,false,false,2024-10-10T19:31:04.953Z,0
CVE-2024-9317,https://securityvulnerability.io/vulnerability/CVE-2024-9317,SQL Injection Vulnerability in SourceCodester Online Eyewear Shop,"A severe SQL injection vulnerability has been identified in the SourceCodester Online Eyewear Shop version 1.0. The flaw specifically resides in the 'delete_category' function of the Master.php file, where improper handling of the 'id' argument can allow attackers to manipulate SQL queries. This vulnerability can be exploited remotely, meaning that attackers can execute arbitrary SQL commands without needing physical access to the vulnerable system. Publicly disclosed exploits for this vulnerability pose a significant risk, highlighting the importance of immediate remediation measures to safeguard sensitive data and maintain website integrity.",SourceCodester Online Eyewear Shop,Online Eyewear Shop,8.8,HIGH,0.0007300000288523734,false,false,false,false,,false,false,2024-09-28T21:15:00.000Z,0
CVE-2024-9082,https://securityvulnerability.io/vulnerability/CVE-2024-9082,Improper Authorization Vulnerability in SourceCodester Online Eyewear Shop,"A critical vulnerability exists in the SourceCodester Online Eyewear Shop version 1.0, specifically in the User Creation Handler functionality found in the /Users.phpf=save file. The issue arises from improper authorization due to a manipulation of the input argument type, which allows unauthorized access to create users. This flaw can be exploited remotely, potentially compromising the integrity of the web application. Security measures should be urgently reviewed and enhanced to prevent potential exploitation of this vulnerability.",Sourcecodester,Online Eyewear Shop,9.8,CRITICAL,0.0006799999973736703,false,false,false,true,true,false,false,2024-09-22T08:00:07.660Z,0
CVE-2024-9081,https://securityvulnerability.io/vulnerability/CVE-2024-9081,SQL Injection Vulnerability in SourceCodester Online Eyewear Shop,"A significant SQL injection vulnerability has been identified in the view_category.php file of SourceCodester's Online Eyewear Shop version 1.0. This vulnerability arises from improper validation of the 'id' parameter, enabling attackers to execute unauthorized SQL commands through crafted requests. This exploitation can be remotely launched, posing a severe risk to data integrity and security. The exploit has already been disclosed publicly, making affected systems particularly susceptible to attacks if not mitigated promptly. Users of the affected product should take immediate action to secure their applications.",Sourcecodester,Online Eyewear Shop,7.5,HIGH,0.0016499999910593033,false,false,false,true,true,false,false,2024-09-22T07:00:07.760Z,0
CVE-2024-5894,https://securityvulnerability.io/vulnerability/CVE-2024-5894,SQL Injection Vulnerability in SourceCodester Online Eyewear Shop,"A significant SQL injection vulnerability has been identified in the manage_product.php file of SourceCodester's Online Eyewear Shop version 1.0. This flaw allows unauthorized remote attackers to manipulate SQL queries by altering the 'id' parameter. Successful exploitation could lead to unauthorized access to sensitive data, data leakage, or even complete database compromise. It is crucial for users of this platform to implement security patches and best practices to safeguard their online stores from potential exploits, as the vulnerability has been publicly disclosed, raising concerns about the risk of active attacks.",Sourcecodester,Online Eyewear Shop,9.8,CRITICAL,0.0006900000153109431,false,false,false,true,true,false,false,2024-06-12T15:00:04.965Z,0
CVE-2023-2244,https://securityvulnerability.io/vulnerability/CVE-2023-2244,SourceCodester Online Eyewear Shop GET Parameter update_status.php sql injection,A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects an unknown part of the file /admin/orders/update_status.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227229 was assigned to this vulnerability.,SourceCodester,Online Eyewear Shop,9.8,CRITICAL,0.0026400000788271427,false,false,false,false,,false,false,2023-04-22T17:15:00.000Z,0
CVE-2023-1969,https://securityvulnerability.io/vulnerability/CVE-2023-1969,SourceCodester Online Eyewear Shop GET Parameter manage_stock.php sql injection,"A vulnerability in the SourceCodester Online Eyewear Shop allows for SQL injection through the manipulation of the 'id' parameter in the /admin/inventory/manage_stock.php file. This flaw permits attackers to execute arbitrary SQL commands, potentially exposing sensitive data or compromising the database. The vulnerability can be exploited remotely, and its disclosure poses risks to users of the affected version.",SourceCodester,Online Eyewear Shop,9.8,CRITICAL,0.0026400000788271427,false,false,false,false,,false,false,2023-04-10T16:15:00.000Z,0
CVE-2023-0966,https://securityvulnerability.io/vulnerability/CVE-2023-0966,SourceCodester Online Eyewear Shop cross site scripting,"A vulnerability exists in the SourceCodester Online Eyewear Shop 1.0 that allows for cross-site scripting through manipulation of the 'id' argument within the 'admin/?page=orders/view_order' functionality. This could enable attackers to execute arbitrary JavaScript in the context of a user's browser, potentially leading to session hijacking or defacement. The exploit is publicly known and remote attacks are possible, making this a significant concern for users of the application.",SourceCodester,Online Eyewear Shop,8.8,HIGH,0.0025100000202655792,false,false,false,false,,false,false,2023-02-22T20:15:00.000Z,0
CVE-2023-0732,https://securityvulnerability.io/vulnerability/CVE-2023-0732,SourceCodester Online Eyewear Shop POST Request Users.php registration cross site scripting,A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is the function registration of the file oews/classes/Users.php of the component POST Request Handler. The manipulation of the argument firstname/middlename/lastname/email/contact leads to cross site scripting. The attack can be launched remotely. The identifier VDB-220369 was assigned to this vulnerability.,SourceCodester,Online Eyewear Shop,6.1,MEDIUM,0.0006200000061653554,false,false,false,false,,false,false,2023-02-07T20:15:00.000Z,0
CVE-2023-0686,https://securityvulnerability.io/vulnerability/CVE-2023-0686,SourceCodester Online Eyewear Shop HTTP POST Request update_cart sql injection,A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The identifier VDB-220245 was assigned to this vulnerability.,Sourcecodester,Online Eyewear Shop,5,MEDIUM,0.0017999999690800905,false,false,false,false,,false,false,2023-02-06T20:15:00.000Z,0
CVE-2023-0673,https://securityvulnerability.io/vulnerability/CVE-2023-0673,SourceCodester Online Eyewear Shop sql injection,"A significant vulnerability was identified in SourceCodester's Online Eyewear Shop version 1.0, specifically within the product view feature. This vulnerability arises from improper handling of the 'id' parameter within the URL path oews/?p=products/view_product.php, allowing attackers to perform SQL injection attacks. Remote attackers can exploit this weakness to manipulate database queries by injecting malicious SQL code. Although the complexity of successfully executing this attack is relatively high, potential security ramifications necessitate immediate attention from users and administrators of the affected product.",SourceCodester,Online Eyewear Shop,8.1,HIGH,0.0017999999690800905,false,false,false,false,,false,false,2023-02-04T08:15:00.000Z,0