Another critical vulnerability has been found in the virtual shopping cart software SourceCodester Simple and Nice Shopping Cart Script. The vulnerability is located in the file /mkshop/Men/profile.php. The code responsible for creating the argument mem_id leads to sql injection. The exploit can be launched remotely. The identifier VDB-207002 was assigned to this vulnerability.
Another critical vulnerability has been found in the virtual shopping cart software SourceCodester Simple and Nice Shopping Cart Script. The vulnerability is located in the file /mkshop/Men/profile.php. The code responsible for creating the argument mem_id leads to sql injection. The exploit can be launched remotely. The identifier VDB-207003 was assigned to this vulnerability. A vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation of the argument mem_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207001 was assigned to this vulnerability. Another critical vulnerability has been found in the virtual shopping cart software SourceCodester Simple and Nice Shopping Cart Script. The vulnerability is located in the file /mkshop/Men/profile.php. The code responsible for creating the argument mem_id leads to sql injection.
Summary
SourceCodester Simple and Nice Shopping Cart Script is vulnerable to sql injection. The vulnerability was discovered by analyzing the file /mkshop/Men/profile.php. SourceCodester Simple and Nice Shopping Cart Script is a shopping cart software that can be used with WordPress and Drupal.
Another critical vulnerability has been found in the virtual shopping cart software SourceCodester Simple and Nice Shopping Cart Script. The vulnerability is located in the file /mkshop/Men/profile.php. The code responsible for creating the argument mem_id leads to sql injection. The exploit can be launched remotely as it is located in the file /mkshop/Men/profile.php, which is just one of many files associated with this project's backend development process
Intro to SQL Injection
SQL injection is a type of security vulnerability that allows hackers to gain unauthorized access to the SQL database of an application. This kind of attack usually takes place when the application administrators fail to filter user-provided input before it's inserted into the database. As a result, malicious commands are executed by the database, allowing an attacker direct control over the backend server. There are many ways to launch an SQL injection attack, but one way is by use of a string of characters known as a "quote." The quote can be used in several different ways in order to execute different attacks. One such method is with use of parentheses, which can be used to create dynamic sql queries.
Vulnerability Class: Critical
Vulnerability ID: VDB-207002
Vendor: SourceCodester Simple and Nice Shopping Cart Script
Product: Men/profile.php
SourceCodester Simple and Nice Shopping Cart Script – VDB-207001
SourceCodester Simple and Nice Shopping Cart Script is a vulnerable e-commerce shopping cart script. The vulnerability is located in the file /mkshop/Men/profile.php. The code responsible for creating the argument mem_id leads to sql injection. The attack can be launched remotely. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation of the argument mem_id leads to sql injection. This exploit has been disclosed to the public and may be used. The identifier VDB-207001 was assigned to this vulnerability.
VDB-207004 – SourceCodester Simple and Nice Shopping Cart Script Vulnerability
A vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation of the argument mem_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207004 was assigned to this vulnerability.
VDB-206002: SourceCodester Simple and Nice Shopping Cart Script – Denial of Service Vulnerability
A vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation of the argument mem_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206001 was assigned to this vulnerability.
Source Codester Simple and Nice Shopping Cart Script - Denial of Service Vulnerability This is a critical vulnerability that affects the function of men/profile.php which can allow a remote attacker to cause a denial-of-service attack on vulnerable systems
Timeline
Published on: 08/25/2022 06:15:00 UTC
Last modified on: 08/29/2022 14:34:00 UTC