Simple Subscription Website
CVE-2022-26283
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
AnalysisAI
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. Affected products include: Oretnom23 Simple Subscription Website.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
More in Simple Subscription Website
View allSQL Injection vulnerability exists in Sourcecodester. Rated critical severity (CVSS 9.8), this vulnerability is remotely
A vulnerability was found in SourceCodester Simple Subscription Website 1.0 and classified as critical.php. Rated critic
A vulnerability, which was classified as critical, was found in SourceCodester Simple Subscription Website 1.0. Rated hi
A vulnerability classified as critical was found in SourceCodester Simple Subscription Website 1.0. Rated high severity
A vulnerability classified as critical has been found in SourceCodester Simple Subscription Website 1.0. Rated high seve
Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter i
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today