Online Shopping Portal
CVE-2023-38890
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks.
AnalysisAI
Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks. Affected products include: Phpgurukul Online Shopping Portal.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
More in Online Shopping Portal
View allAn SQL Injection vulneraility exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the
A vulnerability was found in PHPGurukul Online Shopping Portal Project 1.0. Rated medium severity (CVSS 6.9), this vulne
A vulnerability was found in Campcodes Online Shopping Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability
A vulnerability classified as critical was found in PHPGurukul Online Shopping Portal 2.0. Rated medium severity (CVSS 6
The PHPGurukul Online Shopping Portal Project version 2.0 contains a vulnerability that allows Cross-Site Request Forger
A vulnerability was found in PHPGurukul Online Shopping Portal 2.1. Rated medium severity (CVSS 5.3), this vulnerability
A vulnerability, which was classified as critical, was found in PHPGurukul/Campcodes Online Shopping Portal 2.1. Rated m
A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. Rated medium severity (CVS
A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Shopping Portal 2.0. Rated med
A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. Rated medium severity (CVS
A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0. Rated medium severity
A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. Rated medium severity (CVSS 5.3), this vulnerability
Same weakness CWE-89 – SQL Injection
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today