SQL Injection in Online Shopping Portal 3.1 Login (CVE-2023-38890)
CVE-2023-38890 Published on August 18, 2023
Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks.
Products Associated with CVE-2023-38890
stack.watch emails you whenever new vulnerabilities are published in Onlineshoppingportalproject Online Shopping Portal or PHPGurukul Online Shopping Portal. Just hit a watch button to start following.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.