Simple And Nice Shopping Cart Script
Monthly
A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This vulnerability affects unknown code of the file /admin/userproductdeletequery.php. Performing a manipulation of the argument user_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
SQL injection in SourceCodester Simple and Nice Shopping Cart Script 1.0 allows unauthenticated remote attackers to manipulate the Username parameter on /login.php, potentially bypassing authentication or extracting database contents. A publicly available proof-of-concept exploit exists, published via a GitHub issue and documented in VulDB entry 377116. No CISA KEV listing is present, but the combination of network accessibility, no authentication requirement, and a live POC makes this a practical risk for any exposed deployment.
SQL injection in SourceCodester Simple and Nice Shopping Cart Script 1.0 enables remote, unauthenticated attackers to manipulate database queries through the user_id parameter in /admin/mensproductdeletequery.php, exposing partial confidentiality, integrity, and availability of the underlying database. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) indicates no authentication or special conditions are required for exploitation over the network. A public exploit has been disclosed on GitHub, elevating the practical risk above the raw score suggests - though this is not confirmed as actively exploited by CISA KEV at time of analysis.
SQL injection in SourceCodester Simple and Nice Shopping Cart Script 1.0 exposes the admin login interface to remote unauthenticated attackers through unsanitized input in the Username parameter of /admin/login.php. The CVSS 4.0 score of 6.9 (Medium) reflects limited per-request impact (VC:L/VI:L/VA:L), but a publicly available proof-of-concept exploit (E:P) on GitHub substantially lowers the exploitation bar for opportunistic attackers. No KEV listing exists at time of analysis; however, the trivial attack complexity (AC:L, AT:N, PR:N, UI:N) combined with public exploit code makes any internet-facing deployment of this script an immediate remediation priority.
File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in SourceCodester Simple and Nice Shopping Cart Script and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This vulnerability affects unknown code of the file /admin/userproductdeletequery.php. Performing a manipulation of the argument user_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
SQL injection in SourceCodester Simple and Nice Shopping Cart Script 1.0 allows unauthenticated remote attackers to manipulate the Username parameter on /login.php, potentially bypassing authentication or extracting database contents. A publicly available proof-of-concept exploit exists, published via a GitHub issue and documented in VulDB entry 377116. No CISA KEV listing is present, but the combination of network accessibility, no authentication requirement, and a live POC makes this a practical risk for any exposed deployment.
SQL injection in SourceCodester Simple and Nice Shopping Cart Script 1.0 enables remote, unauthenticated attackers to manipulate database queries through the user_id parameter in /admin/mensproductdeletequery.php, exposing partial confidentiality, integrity, and availability of the underlying database. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) indicates no authentication or special conditions are required for exploitation over the network. A public exploit has been disclosed on GitHub, elevating the practical risk above the raw score suggests - though this is not confirmed as actively exploited by CISA KEV at time of analysis.
SQL injection in SourceCodester Simple and Nice Shopping Cart Script 1.0 exposes the admin login interface to remote unauthenticated attackers through unsanitized input in the Username parameter of /admin/login.php. The CVSS 4.0 score of 6.9 (Medium) reflects limited per-request impact (VC:L/VI:L/VA:L), but a publicly available proof-of-concept exploit (E:P) on GitHub substantially lowers the exploitation bar for opportunistic attackers. No KEV listing exists at time of analysis; however, the trivial attack complexity (AC:L, AT:N, PR:N, UI:N) combined with public exploit code makes any internet-facing deployment of this script an immediate remediation priority.
File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in SourceCodester Simple and Nice Shopping Cart Script and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.