cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-8089,https://securityvulnerability.io/vulnerability/CVE-2024-8089,Unrestricted File Upload Vulnerability in SourceCodester E-Commerce System,"A significant security flaw has been identified in the SourceCodester E-Commerce System version 1.0, specifically within the controller.php file located in the admin/products directory. This flaw stems from an insecure function that allows attackers to manipulate uploaded photos, resulting in unrestricted file uploads. Such vulnerabilities permit remote exploitation, enabling malicious users to upload arbitrary files to the server. The implications of this vulnerability are severe, as it opens the door to additional attacks, including web shell uploads and further compromise of the system. Immediate attention is required to mitigate the risks associated with this vulnerability.",Sourcecodester,E-commerce System,9.8,CRITICAL,0.0024900001008063555,false,,false,false,true,2024-08-22T23:15:00.000Z,true,false,false,,2024-08-23T00:15:00.000Z,0
CVE-2024-8087,https://securityvulnerability.io/vulnerability/CVE-2024-8087,SQL Injection Vulnerability in SourceCodester E-Commerce System,"A critical SQL injection vulnerability has been identified in the SourceCodester E-Commerce System version 1.0, specifically within the processing logic of the /ecommerce/popup_Item.php file. This vulnerability allows an attacker to manipulate the 'id' parameter, potentially enabling unauthorized access to database queries and the execution of arbitrary SQL commands. Being remote in nature, this vulnerability poses a significant risk as it can be exploited from outside the network, making it imperative for organizations using affected versions to implement immediate security measures to safeguard sensitive data and maintain system integrity.",Sourcecodester,E-commerce System,9.8,CRITICAL,0.0010900000343099236,false,,false,false,true,2024-08-22T22:15:00.000Z,true,false,false,,2024-08-22T23:15:00.000Z,0
CVE-2024-8086,https://securityvulnerability.io/vulnerability/CVE-2024-8086,SQL Injection Vulnerability in SourceCodester E-Commerce System's Admin Login,"A significant SQL Injection vulnerability has been identified in the admin login functionality of the SourceCodester E-Commerce System 1.0. This flaw exists in the file located at /ecommerce/admin/login.php and can be exploited by manipulating the 'user_email' argument. Attackers can execute this vulnerability remotely, leading to unauthorized access and potential data breaches. The public disclosure of this vulnerability raises concerns about the security integrity of the affected product. Organizations utilizing this e-commerce system should take immediate action to patch this vulnerability and mitigate associated risks.",Sourcecodester,E-commerce System,9.8,CRITICAL,0.0010900000343099236,false,,false,false,true,2024-08-22T22:15:00.000Z,true,false,false,,2024-08-22T23:15:00.000Z,0
CVE-2023-1569,https://securityvulnerability.io/vulnerability/CVE-2023-1569,SourceCodester E-Commerce System cross site scripting,A vulnerability classified as problematic was found in SourceCodester E-Commerce System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/user/controller.php?action=edit. The manipulation of the argument U_NAME with the input <script>alert('1')</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223561 was assigned to this vulnerability.,SourceCodester,E-Commerce System,5.4,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2023-03-22T14:15:00.000Z,0
CVE-2023-1557,https://securityvulnerability.io/vulnerability/CVE-2023-1557,SourceCodester E-Commerce System Username access control,"A vulnerability exists in the SourceCodester E-Commerce System's Username Handler, specifically within the /ecommerce/admin/user/controller.php file. This issue arises from improper access controls that allow an attacker to manipulate the USERID argument. Such manipulation may enable unauthorized actions on the system, potentially leading to significant security breaches. The attack can be executed remotely, which amplifies the risk for organizations utilizing this software.",SourceCodester,E-Commerce System,9.8,CRITICAL,0.0021299999207258224,false,,false,false,false,,,false,false,,2023-03-22T11:15:00.000Z,0
CVE-2023-1506,https://securityvulnerability.io/vulnerability/CVE-2023-1506,SourceCodester E-Commerce System login.php sql injection,"An SQL injection vulnerability has been identified in the SourceCodester E-Commerce System 1.0, specifically within an unknown function in the login.php file. This vulnerability occurs due to improper handling of the U_USERNAME parameter, allowing attackers to manipulate database queries. The attack can be executed remotely, posing a significant threat to data integrity and confidentiality. Although the complexity of the attack is considered high, the potential for exploitation remains, and the vulnerability has been publicly disclosed, necessitating immediate attention from affected users.",SourceCodester,E-Commerce System,8.1,HIGH,0.0017999999690800905,false,,false,false,false,,,false,false,,2023-03-20T10:15:00.000Z,0
CVE-2023-1507,https://securityvulnerability.io/vulnerability/CVE-2023-1507,SourceCodester E-Commerce System Category Name controller.php cross site scripting,A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ecommerce/admin/category/controller.php of the component Category Name Handler. The manipulation of the argument CATEGORY leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223411.,SourceCodester,E-Commerce System,6.1,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-03-20T10:15:00.000Z,0
CVE-2023-1502,https://securityvulnerability.io/vulnerability/CVE-2023-1502,SourceCodester Alphaware Simple E-Commerce System edit_customer.php sql injection,"A vulnerability exists in the SourceCodester Alphaware Simple E-Commerce System 1.0 that allows for SQL injection attacks via the manipulation of parameters in the file function/edit_customer.php. Specifically, an attacker can exploit this flaw by injecting SQL commands into the firstname, mi, or lastname fields using a crafted input. This attack can be executed remotely, making it particularly concerning for users of the affected system. While the complexity of launching such an attack is relatively high, the potential for exploitation poses a serious risk to the integrity and confidentiality of the database.",SourceCodester,Alphaware Simple E-Commerce System,8.1,HIGH,0.0029100000392645597,false,,false,false,false,,,false,false,,2023-03-20T09:15:00.000Z,0
CVE-2023-1504,https://securityvulnerability.io/vulnerability/CVE-2023-1504,SourceCodester Alphaware Simple E-Commerce System sql injection,"A vulnerability exists in SourceCodester's Alphaware Simple E-Commerce System 1.0, allowing for SQL injection through the manipulation of email/password input fields. An attacker could exploit this vulnerability remotely, executing arbitrary SQL commands that could compromise user data or application integrity. The complexity required for attack execution is relatively high, indicating that successful exploitation may necessitate advanced technical skills. The vulnerability has already been publicly disclosed, making it imperative for users to assess their systems and implement necessary security measures.",SourceCodester,Alphaware Simple E-Commerce System,8.1,HIGH,0.0029100000392645597,false,,false,false,false,,,false,false,,2023-03-20T09:15:00.000Z,0
CVE-2023-1505,https://securityvulnerability.io/vulnerability/CVE-2023-1505,SourceCodester E-Commerce System setDiscount.php sql injection,"A SQL injection vulnerability exists in the SourceCodester E-Commerce System 1.0, specifically in the admin settings file /ecommerce/admin/settings/setDiscount.php. By manipulating the 'id' parameter, an attacker may execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive data. This vulnerability allows for remote exploitation, with a complex attack pattern, making its successful execution challenging. The issue is publicly disclosed, raising concerns about its potential use in malicious activities.",SourceCodester,E-Commerce System,8.1,HIGH,0.0029100000392645597,false,,false,false,false,,,false,false,,2023-03-20T09:15:00.000Z,0
CVE-2023-1503,https://securityvulnerability.io/vulnerability/CVE-2023-1503,SourceCodester Alphaware Simple E-Commerce System admin_index.php sql injection,"A vulnerability has been identified in the SourceCodester Alphaware Simple E-Commerce System 1.0, specifically in the admin/admin_index.php file. The flaw allows attackers to manipulate the username and password input parameters, leading to SQL injection. This vulnerability permits remote exploitation, where malicious actors may execute arbitrary SQL commands through crafted input. While the attack complexity is reported as high, the public disclosure of this exploit increases the urgency for affected users to apply patches and secure their installations.",SourceCodester,Alphaware Simple E-Commerce System,8.1,HIGH,0.0029100000392645597,false,,false,false,false,,,false,false,,2023-03-20T09:15:00.000Z,0
CVE-2023-0998,https://securityvulnerability.io/vulnerability/CVE-2023-0998,SourceCodester Alphaware Simple E-Commerce System Payment summary.php access control,A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Payment Handler. The manipulation of the argument amount leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221733 was assigned to this vulnerability.,SourceCodester,Alphaware Simple E-Commerce System,5.3,MEDIUM,0.00279999990016222,false,,false,false,false,,,false,false,,2023-02-24T08:15:00.000Z,0
CVE-2023-0997,https://securityvulnerability.io/vulnerability/CVE-2023-0997,SourceCodester Moosikay E-Commerce System POST Parameter order.php sql injection,"A vulnerability has been identified in the Moosikay E-Commerce System version 1.0, specifically within the /Moosikay/order.php file handling POST parameters. Malicious manipulation of the 'username' argument allows for SQL injection attacks, which can be executed remotely. This vulnerability exposes the system to potential unauthorized data access and manipulation, underscoring the need for immediate attention and remediation by users of the platform.",SourceCodester,Moosikay E-Commerce System,8.8,HIGH,0.007110000122338533,false,,false,false,false,,,false,false,,2023-02-24T08:15:00.000Z,0
CVE-2022-2682,https://securityvulnerability.io/vulnerability/CVE-2022-2682,SourceCodester Alphaware Simple E-Commerce System stockin.php cross site scripting,"A vulnerability, which was classified as problematic, has been found in SourceCodester Alphaware Simple E-Commerce System. Affected by this issue is some unknown functionality of the file stockin.php. The manipulation of the argument id with the input '""><script>alert(/xss/)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205670 is the identifier assigned to this vulnerability.",Sourcecodester,Alphaware Simple E-commerce System,3.5,LOW,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-08-05T20:21:55.000Z,0
CVE-2022-2678,https://securityvulnerability.io/vulnerability/CVE-2022-2678,SourceCodester Alphaware Simple E-Commerce System Background Management Page admin_feature.php unrestricted upload,A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. It has been declared as critical. This vulnerability affects unknown code of the file admin_feature.php of the component Background Management Page. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205666 is the identifier assigned to this vulnerability.,Sourcecodester,Alphaware Simple E-commerce System,6.3,MEDIUM,0.0016899999463930726,false,,false,false,false,,,false,false,,2022-08-05T20:20:55.000Z,0