cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-3985,https://securityvulnerability.io/vulnerability/CVE-2023-3985,SourceCodester Online Jewelry Store login.php sql injection,"A vulnerability exists in the SourceCodester Online Jewelry Store resulting from improper handling of user inputs in the login.php file. Attackers can exploit this weakness by manipulating the username/password parameters, allowing for unauthorized SQL commands to be executed. This can lead to unauthorized data access and manipulation. The vulnerability is accessible remotely and has been publicly disclosed, making it crucial for users to implement mitigations promptly.",SourceCodester,Online Jewelry Store,9.8,CRITICAL,0.005669999867677689,false,,false,false,false,,,false,false,,2023-07-28T05:15:00.000Z,0
CVE-2023-2864,https://securityvulnerability.io/vulnerability/CVE-2023-2864,SourceCodester Online Jewelry Store POST Parameter customer.php cross site scripting,A vulnerability was found in SourceCodester Online Jewelry Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file customer.php of the component POST Parameter Handler. The manipulation of the argument Custid leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229820.,SourceCodester,Online Jewelry Store,6.1,MEDIUM,0.0011399999493733048,false,,false,false,false,,,false,false,,2023-05-24T11:15:00.000Z,0
CVE-2023-2815,https://securityvulnerability.io/vulnerability/CVE-2023-2815,SourceCodester Online Jewelry Store POST Parameter supplier.php sql injection,"A security flaw has been identified in the SourceCodester Online Jewelry Store 1.0, specifically within the supplier.php file. This vulnerability arises from inadequate validation of the 'suppid' parameter, allowing an attacker to execute SQL injection attacks. Such manipulation can compromise the integrity of the database, permitting unauthorized access and data manipulation. Since the exploit can be executed remotely, it poses a significant risk to users and their stored information. The vulnerability has been publicly disclosed, increasing the urgency for mitigative action.",SourceCodester,Online Jewelry Store,9.8,CRITICAL,0.0026400000788271427,false,,false,false,false,,,false,false,,2023-05-19T17:15:00.000Z,0