CVE-2022-42109

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2022-42109
Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://medium.com/@grimthereaperteam/online-shopping-system-advanced-sql-injection-at-product-php-c55c435c35c2 Exploit Third Party Advisory
https://github.com/PuneethReddyHC/online-shopping-system-advanced Product
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

cpe:2.3:a:online-shopping-system-advanced_project:online-shopping-system-advanced:1.0:*:*:*:*:*:*:*
Information

Published : 2022-11-28 20:15

Updated : 2022-11-29 20:58

NVD link : CVE-2022-42109

Mitre link : CVE-2022-42109

JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa
Products Affected

online-shopping-system-advanced_project

  • online-shopping-system-advanced