cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-1502,https://securityvulnerability.io/vulnerability/CVE-2023-1502,SourceCodester Alphaware Simple E-Commerce System edit_customer.php sql injection,"A vulnerability exists in the SourceCodester Alphaware Simple E-Commerce System 1.0 that allows for SQL injection attacks via the manipulation of parameters in the file function/edit_customer.php. Specifically, an attacker can exploit this flaw by injecting SQL commands into the firstname, mi, or lastname fields using a crafted input. This attack can be executed remotely, making it particularly concerning for users of the affected system. While the complexity of launching such an attack is relatively high, the potential for exploitation poses a serious risk to the integrity and confidentiality of the database.",SourceCodester,Alphaware Simple E-Commerce System,8.1,HIGH,0.0029100000392645597,false,,false,false,false,,,false,false,,2023-03-20T09:15:00.000Z,0
CVE-2023-1503,https://securityvulnerability.io/vulnerability/CVE-2023-1503,SourceCodester Alphaware Simple E-Commerce System admin_index.php sql injection,"A vulnerability has been identified in the SourceCodester Alphaware Simple E-Commerce System 1.0, specifically in the admin/admin_index.php file. The flaw allows attackers to manipulate the username and password input parameters, leading to SQL injection. This vulnerability permits remote exploitation, where malicious actors may execute arbitrary SQL commands through crafted input. While the attack complexity is reported as high, the public disclosure of this exploit increases the urgency for affected users to apply patches and secure their installations.",SourceCodester,Alphaware Simple E-Commerce System,8.1,HIGH,0.0029100000392645597,false,,false,false,false,,,false,false,,2023-03-20T09:15:00.000Z,0
CVE-2023-1504,https://securityvulnerability.io/vulnerability/CVE-2023-1504,SourceCodester Alphaware Simple E-Commerce System sql injection,"A vulnerability exists in SourceCodester's Alphaware Simple E-Commerce System 1.0, allowing for SQL injection through the manipulation of email/password input fields. An attacker could exploit this vulnerability remotely, executing arbitrary SQL commands that could compromise user data or application integrity. The complexity required for attack execution is relatively high, indicating that successful exploitation may necessitate advanced technical skills. The vulnerability has already been publicly disclosed, making it imperative for users to assess their systems and implement necessary security measures.",SourceCodester,Alphaware Simple E-Commerce System,8.1,HIGH,0.0029100000392645597,false,,false,false,false,,,false,false,,2023-03-20T09:15:00.000Z,0
CVE-2023-0998,https://securityvulnerability.io/vulnerability/CVE-2023-0998,SourceCodester Alphaware Simple E-Commerce System Payment summary.php access control,A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Payment Handler. The manipulation of the argument amount leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221733 was assigned to this vulnerability.,SourceCodester,Alphaware Simple E-Commerce System,5.3,MEDIUM,0.00279999990016222,false,,false,false,false,,,false,false,,2023-02-24T08:15:00.000Z,0
CVE-2022-2682,https://securityvulnerability.io/vulnerability/CVE-2022-2682,SourceCodester Alphaware Simple E-Commerce System stockin.php cross site scripting,"A vulnerability, which was classified as problematic, has been found in SourceCodester Alphaware Simple E-Commerce System. Affected by this issue is some unknown functionality of the file stockin.php. The manipulation of the argument id with the input '""> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205670 is the identifier assigned to this vulnerability.",Sourcecodester,Alphaware Simple E-commerce System,3.5,LOW,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-08-05T20:21:55.000Z,0
CVE-2022-2678,https://securityvulnerability.io/vulnerability/CVE-2022-2678,SourceCodester Alphaware Simple E-Commerce System Background Management Page admin_feature.php unrestricted upload,A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. It has been declared as critical. This vulnerability affects unknown code of the file admin_feature.php of the component Background Management Page. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205666 is the identifier assigned to this vulnerability.,Sourcecodester,Alphaware Simple E-commerce System,6.3,MEDIUM,0.0016899999463930726,false,,false,false,false,,,false,false,,2022-08-05T20:20:55.000Z,0