cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-8084,https://securityvulnerability.io/vulnerability/CVE-2024-8084,Cross Site Scripting Vulnerability in SourceCodester Online Computer and Laptop Store's Setting Handler,"A vulnerability has been identified in the SourceCodester Online Computer and Laptop Store version 1.0, specifically within the SystemSettings.php file of the Setting Handler component. This issue arises from improper handling of input parameters, allowing attackers to perform cross-site scripting (XSS) attacks. By manipulating the 'System Name' argument, remote attackers can inject malicious scripts into web pages viewed by other users, leading to various security risks, including data theft and session hijacking. The vulnerability has been publicly disclosed, highlighting the need for immediate action to mitigate potential exploitation.",Sourcecodester,Online Computer And Laptop Store,4.8,MEDIUM,0.0007999999797903001,false,,false,false,true,2024-08-22T21:15:00.000Z,true,false,false,,2024-08-22T22:15:00.000Z,0
CVE-2024-8083,https://securityvulnerability.io/vulnerability/CVE-2024-8083,SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store,"A security vulnerability has been identified in version 1.0 of the SourceCodester Online Computer and Laptop Store application. Specifically, the issue exists within the /php-ocls/classes/Master.php file where the 'pay_order' functionality allows for an SQL injection attack via manipulated input parameters. This remote exploit could enable attackers to execute arbitrary SQL commands on the underlying database, potentially compromising sensitive information. It is crucial for users and administrators of the application to apply necessary updates and follow best practices for web application security to mitigate the risks associated with this vulnerability.",Sourcecodester,Online Computer And Laptop Store,8.8,HIGH,0.0009599999757483602,false,,false,false,true,2024-08-22T21:15:00.000Z,true,false,false,,2024-08-22T22:15:00.000Z,0
CVE-2024-4798,https://securityvulnerability.io/vulnerability/CVE-2024-4798,SQL Injection Vulnerability in SourceCodester Online Computer and Laptop Store,"A critical SQL injection vulnerability has been identified in SourceCodester's Online Computer and Laptop Store version 1.0. This flaw arises from improper handling of the 'id' parameter in the /admin/maintenance/manage_brand.php file, allowing attackers to execute arbitrary SQL commands against the database. The vulnerability can be exploited remotely, posing significant risks to the integrity and confidentiality of sensitive information stored in the application's database. Timely patching and robust input validation are essential to mitigate exposure to this threat.",Sourcecodester,Online Computer And Laptop Store,6.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-05-14T14:44:00.000Z,true,false,false,,2024-05-14T15:44:00.000Z,0
CVE-2023-5374,https://securityvulnerability.io/vulnerability/CVE-2023-5374,SourceCodester Online Computer and Laptop Store products.php sql injection,"A significant SQL injection vulnerability has been discovered in the products.php file of the Online Computer and Laptop Store application. This flaw allows attackers to manipulate the input argument 'c', enabling them to execute unauthorized SQL code on the database. The vulnerability is exploitable remotely, facilitating potential data breaches and unauthorized access to sensitive information. It is crucial for users of the impacted version to take immediate action to secure their systems against possible exploits.",SourceCodester,Online Computer and Laptop Store,9.8,CRITICAL,0.008709999732673168,false,,false,false,false,,,false,false,,2023-10-04T14:15:00.000Z,0
CVE-2023-5373,https://securityvulnerability.io/vulnerability/CVE-2023-5373,SourceCodester Online Computer and Laptop Store Master.php register sql injection,"A security vulnerability has been identified in the Online Computer and Laptop Store software developed by SourceCodester. This SQL injection vulnerability, found in the 'register' function of the 'Master.php' file, allows attackers to manipulate the 'email' argument. The flaw can be exploited remotely, potentially allowing unauthorized access to the database. The exploit has already been publicly disclosed, increasing the urgency for users to secure their applications against possible attacks. It is crucial to update to the latest version or implement appropriate security measures to mitigate risks.",Sourcecodester,Online Computer And Laptop Store,7.3,HIGH,0.0014299999456852674,false,,false,false,false,,,false,false,,2023-10-04T13:15:00.000Z,0
CVE-2023-2660,https://securityvulnerability.io/vulnerability/CVE-2023-2660,SourceCodester Online Computer and Laptop Store view_categories.php sql injection,"A vulnerability has been identified in the SourceCodester Online Computer and Laptop Store, specifically within the view_categories.php file. An attacker can manipulate the 'c' parameter, leading to potential unauthorized SQL command execution. This vulnerability may allow remote attackers to access or manipulate the database without needing authentication. Given the public disclosure of the exploit, immediate attention to this issue is essential to prevent possible data breaches and enhance overall application security.",Sourcecodester,Online Computer And Laptop Store,6.3,MEDIUM,0.002050000010058284,false,,false,false,true,2023-05-11T15:15:00.000Z,true,false,false,,2023-05-11T15:15:00.000Z,0
CVE-2023-2659,https://securityvulnerability.io/vulnerability/CVE-2023-2659,SourceCodester Online Computer and Laptop Store view_product.php sql injection,"A significant SQL injection vulnerability exists in the Online Computer and Laptop Store's view_product.php file, where improper validation of the 'id' parameter can be exploited to execute unauthorized SQL queries. This flaw particularly poses a threat as it allows remote attackers to manipulate database queries, potentially compromising sensitive data and the overall integrity of the application. Given the public disclosure of this exploit, immediate action is essential for users to safeguard their systems.",SourceCodester,Online Computer and Laptop Store,9.8,CRITICAL,0.007230000104755163,false,,false,false,false,,,false,false,,2023-05-11T15:15:00.000Z,0
CVE-2023-2661,https://securityvulnerability.io/vulnerability/CVE-2023-2661,SourceCodester Online Computer and Laptop Store Master.php sql injection,"A vulnerability exists in SourceCodester Online Computer and Laptop Store version 1.0 due to improper handling of input parameters in the file /classes/Master.php. This flaw allows attackers to manipulate the 'id' argument, enabling them to execute unauthorized SQL queries. The exploitation can be performed remotely, highlighting a significant risk for exposed web applications. Public disclosure of the exploit increases the urgency for affected users to implement mitigations.",SourceCodester,Online Computer and Laptop Store,9.8,CRITICAL,0.007230000104755163,false,,false,false,false,,,false,false,,2023-05-11T15:15:00.000Z,0
CVE-2023-2657,https://securityvulnerability.io/vulnerability/CVE-2023-2657,SourceCodester Online Computer and Laptop Store products.php cross site scripting,A vulnerability classified as problematic was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. The manipulation of the argument search leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228799.,SourceCodester,Online Computer and Laptop Store,6.1,MEDIUM,0.001560000004246831,false,,false,false,false,,,false,false,,2023-05-11T14:15:00.000Z,0
CVE-2023-2658,https://securityvulnerability.io/vulnerability/CVE-2023-2658,SourceCodester Online Computer and Laptop Store products.php sql injection,"A critical SQL injection vulnerability has been identified in the SourceCodester Online Computer and Laptop Store 1.0. This flaw exists within the 'products.php' file, where manipulation of the 'c' argument can allow attackers to execute arbitrary SQL code. This vulnerability can be exploited remotely, potentially allowing unauthorized access to sensitive data. The details of this flaw have been publicly disclosed, highlighting the importance of immediate remediation for users of this application.",SourceCodester,Online Computer and Laptop Store,9.8,CRITICAL,0.010409999638795853,false,,false,false,false,,,false,false,,2023-05-11T14:15:00.000Z,0
CVE-2023-2242,https://securityvulnerability.io/vulnerability/CVE-2023-2242,SourceCodester Online Computer and Laptop Store GET Parameter sql injection,"A vulnerability exists within SourceCodester's Online Computer and Laptop Store 1.0, specifically relating to its GET Parameter Handler component. By manipulating the argument 'c/s', an attacker is able to execute SQL injection attacks, which can be executed remotely. This vulnerability reveals a critical oversight in input validation, allowing unauthorized access and exploitation of the application's database framework. Security measures and patches are urgently recommended to mitigate associated risks.",SourceCodester,Online Computer and Laptop Store,8.8,HIGH,0.003229999914765358,false,,false,false,false,,,false,false,,2023-04-22T16:15:00.000Z,0
CVE-2023-1986,https://securityvulnerability.io/vulnerability/CVE-2023-1986,SourceCodester Online Computer and Laptop Store delete_order sql injection,"A vulnerability exists in the SourceCodester Online Computer and Laptop Store version 1.0 that allows for SQL injection via the delete_order function in the master.php file. By manipulating the argument 'id', an attacker could potentially execute arbitrary SQL queries on the database. This vulnerability can be exploited remotely, and its details have been publicly disclosed, making it imperative for users to take preventive measures to secure their systems.",Sourcecodester,Online Computer And Laptop Store,6.3,MEDIUM,0.002580000087618828,false,,false,false,true,2023-04-11T19:15:00.000Z,true,false,false,,2023-04-11T19:15:00.000Z,0
CVE-2023-1987,https://securityvulnerability.io/vulnerability/CVE-2023-1987,SourceCodester Online Computer and Laptop Store update_order_status sql injection,"A vulnerability exists in the SourceCodester Online Computer and Laptop Store version 1.0, specifically within the function responsible for updating order statuses. The flaw allows for SQL injection via manipulation of the 'id' argument, which can be exploited remotely. This vulnerability poses significant risks as it can enable attackers to execute unauthorized SQL commands, potentially leading to unauthorized access to sensitive data. Due to public disclosure of the exploit, immediate patching is recommended to mitigate risks associated with this vulnerability.",SourceCodester,Online Computer and Laptop Store,7.2,HIGH,0.002580000087618828,false,,false,false,false,,,false,false,,2023-04-11T19:15:00.000Z,0
CVE-2023-1988,https://securityvulnerability.io/vulnerability/CVE-2023-1988,SourceCodester Online Computer and Laptop Store cross site scripting,A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/?page=maintenance/brand. The manipulation of the argument Brand Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225536.,SourceCodester,Online Computer and Laptop Store,4.8,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2023-04-11T19:15:00.000Z,0
CVE-2023-1985,https://securityvulnerability.io/vulnerability/CVE-2023-1985,SourceCodester Online Computer and Laptop Store save_brand sql injection,"A SQL injection vulnerability exists in the Online Computer and Laptop Store 1.0 due to improper input handling in the save_brand function located in /classes/Master.php?f=save_brand. Attackers can exploit this flaw remotely by manipulating the 'name' argument, potentially leading to unauthorized database access and data manipulation. The issue has been publicly disclosed and could be leveraged by malicious entities.",SourceCodester,Online Computer and Laptop Store,7.2,HIGH,0.002580000087618828,false,,false,false,false,,,false,false,,2023-04-11T18:15:00.000Z,0
CVE-2023-1961,https://securityvulnerability.io/vulnerability/CVE-2023-1961,SourceCodester Online Computer and Laptop Store cross site scripting,A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/?page=system_info. The manipulation of the argument System Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225348.,SourceCodester,Online Computer and Laptop Store,6.1,MEDIUM,0.0009299999801442027,false,,false,false,false,,,false,false,,2023-04-08T12:15:00.000Z,0
CVE-2023-1960,https://securityvulnerability.io/vulnerability/CVE-2023-1960,SourceCodester Online Computer and Laptop Store sql injection,"A notable vulnerability exists in the Online Computer and Laptop Store 1.0 software, specifically in the file /classes/Master.php?f=delete_category. This flaw allows an attacker to manipulate the 'id' argument, potentially leading to SQL injection attacks. Such vulnerabilities enable malicious actors to execute arbitrary SQL commands on the backend database, allowing unauthorized access, data leakage, or data manipulation. The exploit can be triggered remotely, exposing users and systems to significant security risks. Public disclosure of this vulnerability raises the urgency for affected users to take remediation measures promptly.",SourceCodester,Online Computer and Laptop Store,8.8,HIGH,0.0026100000832229853,false,,false,false,false,,,false,false,,2023-04-08T12:15:00.000Z,0
CVE-2023-1957,https://securityvulnerability.io/vulnerability/CVE-2023-1957,SourceCodester Online Computer and Laptop Store Subcategory sql injection,"A vulnerability exists in the SourceCodester Online Computer and Laptop Store software version 1.0, affecting its Subcategory Handler component. The issue is linked to improper handling of the input parameter 'sub_category' in the Master.php file, which exposes the application to SQL injection attacks. This allows remote attackers to manipulate database queries, potentially leading to unauthorized data access or modification. The exploit is publicly known, heightening the urgency for users to apply security measures.",SourceCodester,Online Computer and Laptop Store,8.8,HIGH,0.0026100000832229853,false,,false,false,false,,,false,false,,2023-04-08T11:15:00.000Z,0
CVE-2023-1958,https://securityvulnerability.io/vulnerability/CVE-2023-1958,SourceCodester Online Computer and Laptop Store sql injection,"A vulnerability exists in the Online Computer and Laptop Store software by SourceCodester, specifically within the /classes/Master.php?f=delete_sub_category file. An attacker can manipulate the 'id' parameter, leading to SQL injection that may allow remote execution of malicious queries. This serious security flaw has been publicly disclosed and poses a significant risk to users of this software. Users are advised to apply available patches or updates to mitigate the risk.",SourceCodester,Online Computer and Laptop Store,9.8,CRITICAL,0.002139999996870756,false,,false,false,false,,,false,false,,2023-04-08T11:15:00.000Z,0
CVE-2023-1959,https://securityvulnerability.io/vulnerability/CVE-2023-1959,SourceCodester Online Computer and Laptop Store sql injection,A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225346 is the identifier assigned to this vulnerability.,Sourcecodester,Online Computer And Laptop Store,6.3,MEDIUM,0.0026100000832229853,false,,false,false,false,,,false,false,,2023-04-08T11:15:00.000Z,0
CVE-2023-1956,https://securityvulnerability.io/vulnerability/CVE-2023-1956,SourceCodester Online Computer and Laptop Store Image path traversal,"A path traversal vulnerability has been identified in the Image Handler component of SourceCodester's Online Computer and Laptop Store 1.0. This security flaw allows an attacker to manipulate the 'path' parameter in the file /classes/Master.php?f=delete_img. By doing so, an unauthorized user can potentially access sensitive files on the server, leading to unauthorized file deletion and exposure of confidential data. The vulnerability is remote exploitable, meaning that it can be exploited without needing physical access to the system. With the exploit publicly disclosed, it is essential for users to secure their systems against possible attacks.",SourceCodester,Online Computer and Laptop Store,8.8,HIGH,0.0027099999133497477,false,,false,false,false,,,false,false,,2023-04-08T10:15:00.000Z,0
CVE-2023-1955,https://securityvulnerability.io/vulnerability/CVE-2023-1955,SourceCodester Online Computer and Laptop Store User Registration login.php sql injection,"A SQL injection vulnerability exists in the SourceCodester Online Computer and Laptop Store's User Registration component. This flaw is found within the login.php file, where improper handling of the email parameter allows an attacker to manipulate SQL queries. The vulnerability can be exploited remotely, potentially compromising sensitive data and leading to unauthorized access. As the exploit has been publicly disclosed, it poses significant risks for users and administrators of the platform.",Sourcecodester,Online Computer And Laptop Store,7.3,HIGH,0.002139999996870756,false,,false,false,false,,,false,false,,2023-04-08T10:15:00.000Z,0
CVE-2023-1953,https://securityvulnerability.io/vulnerability/CVE-2023-1953,SourceCodester Online Computer and Laptop Store index.php sql injection,"A vulnerability in the SourceCodester Online Computer and Laptop Store 1.0 allows for SQL injection via parameters in the /admin/sales/index.php file. By manipulating the arguments 'date_start' and 'date_end', attackers can execute unauthorized SQL commands, potentially compromising the database. This issue can be exploited remotely, posing significant risks to the security and integrity of the application's data. The vulnerability has been disclosed publicly, making it critical for users to implement necessary security measures.",SourceCodester,Online Computer and Laptop Store,8.8,HIGH,0.0026100000832229853,false,,false,false,false,,,false,false,,2023-04-08T10:15:00.000Z,0
CVE-2023-1954,https://securityvulnerability.io/vulnerability/CVE-2023-1954,SourceCodester Online Computer and Laptop Store manage.php save_inventory sql injection,"A vulnerability in the SourceCodester Online Computer and Laptop Store version 1.0 allows for SQL injection through the 'save_inventory' function in the '/admin/product/manage.php' file. The exploitation of this vulnerability can be initiated remotely, potentially leading to unauthorized access to sensitive data. Due to public disclosure, this vulnerability is of particular concern, as attackers may leverage it to compromise the integrity of the application and its database.",SourceCodester,Online Computer and Laptop Store,8.8,HIGH,0.0026100000832229853,false,,false,false,false,,,false,false,,2023-04-08T10:15:00.000Z,0
CVE-2023-1952,https://securityvulnerability.io/vulnerability/CVE-2023-1952,SourceCodester Online Computer and Laptop Store Product Search ?p=products sql injection,"A SQL injection vulnerability has been identified in the SourceCodester Online Computer and Laptop Store 1.0, affecting the product search functionality. By manipulating the 'search' parameter through the component, an attacker could execute malicious SQL queries. This issue can be exploited remotely, allowing malicious actors to gain unauthorized access to sensitive data stored in the database. Awareness of this vulnerability is crucial for effective security measures aimed at protecting user data and application integrity.",Sourcecodester,Online Computer And Laptop Store,6.3,MEDIUM,0.0021800000686198473,false,,false,false,true,2023-04-08T09:15:00.000Z,true,false,false,,2023-04-08T09:15:00.000Z,0