6 vulnerabilities found for Online Shopping Portal by Codezips
CVE-2024-9794 (GCVE-0-2024-9794)
Vulnerability from nvd – Published: 2024-10-10 16:00 – Updated: 2024-10-10 16:27
VLAI
Title
Codezips Online Shopping Portal update-image1.php unrestricted upload
Summary
A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0. This issue affects some unknown processing of the file /update-image1.php. The manipulation of the argument productimage1 leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.279947 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.279947 | signature, permissions-required |
| https://vuldb.com/?submit.417583 | third-party-advisory |
| https://github.com/ppp-src/CVE/issues/7 | exploit, issue-tracking |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Codezips | Online Shopping Portal | Affected: 1.0 | |
| online_shopping_portal_project | online_shopping_portal | Affected: 1.0 | cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:1.0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "online_shopping_portal",
"vendor": "online_shopping_portal_project",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9794",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T16:26:15.207282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T16:27:19.317Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Online Shopping Portal",
"vendor": "Codezips",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "polaris0x1 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0. This issue affects some unknown processing of the file /update-image1.php. The manipulation of the argument productimage1 leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Codezips Online Shopping Portal 1.0 entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /update-image1.php. Durch Manipulieren des Arguments productimage1 mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T16:00:07.327Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-279947 | Codezips Online Shopping Portal update-image1.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.279947"
},
{
"name": "VDB-279947 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.279947"
},
{
"name": "Submit #417583 | Codezips Online Shopping Portal In PHP With Source Code-2 V1.0 Unrestricted Upload",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.417583"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/ppp-src/CVE/issues/7"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-10-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-10-10T09:30:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "Codezips Online Shopping Portal update-image1.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-9794",
"datePublished": "2024-10-10T16:00:07.327Z",
"dateReserved": "2024-10-10T07:25:34.709Z",
"dateUpdated": "2024-10-10T16:27:19.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9460 (GCVE-0-2024-9460)
Vulnerability from nvd – Published: 2024-10-03 14:31 – Updated: 2024-10-03 15:19
VLAI
Title
Codezips Online Shopping Portal index.php sql injection
Summary
A vulnerability was found in Codezips Online Shopping Portal 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - SQL Injection
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.279132 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.279132 | signature, permissions-required |
| https://vuldb.com/?submit.417052 | third-party-advisory |
| https://github.com/ppp-src/CVE/issues/8 | broken-link, exploit, issue-tracking |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Codezips | Online Shopping Portal | Affected: 1.0 | |
| online_shopping_portal_project | online_shopping_portal | Affected: 1.0 | cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:1.0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "online_shopping_portal",
"vendor": "online_shopping_portal_project",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9460",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T15:18:52.087047Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T15:19:45.418Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Online Shopping Portal",
"vendor": "Codezips",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "acmglz (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Codezips Online Shopping Portal 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in Codezips Online Shopping Portal 1.0 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei index.php. Durch das Manipulieren des Arguments username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T14:31:04.335Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-279132 | Codezips Online Shopping Portal index.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.279132"
},
{
"name": "VDB-279132 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.279132"
},
{
"name": "Submit #417052 | Codezips Online Shopping Portal In PHP With Source Code V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.417052"
},
{
"tags": [
"broken-link",
"exploit",
"issue-tracking"
],
"url": "https://github.com/ppp-src/CVE/issues/8"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-10-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-10-03T09:54:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "Codezips Online Shopping Portal index.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-9460",
"datePublished": "2024-10-03T14:31:04.335Z",
"dateReserved": "2024-10-03T07:49:39.055Z",
"dateUpdated": "2024-10-03T15:19:45.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9038 (GCVE-0-2024-9038)
Vulnerability from nvd – Published: 2024-09-20 16:00 – Updated: 2024-09-20 16:19
VLAI
Title
Codezips Online Shopping Portal insert-product.php unrestricted upload
Summary
A vulnerability classified as problematic was found in Codezips Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation of the argument productimage1/productimage2/productimage3 leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
4.3 (Medium)
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.278209 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.278209 | signature, permissions-required |
| https://vuldb.com/?submit.411466 | third-party-advisory |
| https://github.com/L1OudFd8cl09/CVE/blob/main/20_… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Codezips | Online Shopping Portal | Affected: 1.0 | |
| online_shopping_portal_project | online_shopping_portal | Affected: 1.0 | cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:1.0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "online_shopping_portal",
"vendor": "online_shopping_portal_project",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9038",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T16:18:52.661261Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T16:19:43.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Online Shopping Portal",
"vendor": "Codezips",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "N3xu5Cr4ck37 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Codezips Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation of the argument productimage1/productimage2/productimage3 leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Codezips Online Shopping Portal 1.0 wurde eine problematische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei insert-product.php. Durch Manipulieren des Arguments productimage1/productimage2/productimage3 mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T16:00:06.215Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-278209 | Codezips Online Shopping Portal insert-product.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.278209"
},
{
"name": "VDB-278209 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.278209"
},
{
"name": "Submit #411466 | Codezips Online Shopping Portal In PHP With Source Code V1.0 Unrestricted Upload",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.411466"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/L1OudFd8cl09/CVE/blob/main/20_09_2024_b.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-09-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-09-20T10:23:17.000Z",
"value": "VulDB entry last update"
}
],
"title": "Codezips Online Shopping Portal insert-product.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-9038",
"datePublished": "2024-09-20T16:00:06.215Z",
"dateReserved": "2024-09-20T08:18:05.094Z",
"dateUpdated": "2024-09-20T16:19:43.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9794 (GCVE-0-2024-9794)
Vulnerability from cvelistv5 – Published: 2024-10-10 16:00 – Updated: 2024-10-10 16:27
VLAI
Title
Codezips Online Shopping Portal update-image1.php unrestricted upload
Summary
A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0. This issue affects some unknown processing of the file /update-image1.php. The manipulation of the argument productimage1 leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.279947 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.279947 | signature, permissions-required |
| https://vuldb.com/?submit.417583 | third-party-advisory |
| https://github.com/ppp-src/CVE/issues/7 | exploit, issue-tracking |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Codezips | Online Shopping Portal | Affected: 1.0 | |
| online_shopping_portal_project | online_shopping_portal | Affected: 1.0 | cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:1.0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "online_shopping_portal",
"vendor": "online_shopping_portal_project",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9794",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T16:26:15.207282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T16:27:19.317Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Online Shopping Portal",
"vendor": "Codezips",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "polaris0x1 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0. This issue affects some unknown processing of the file /update-image1.php. The manipulation of the argument productimage1 leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Codezips Online Shopping Portal 1.0 entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /update-image1.php. Durch Manipulieren des Arguments productimage1 mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T16:00:07.327Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-279947 | Codezips Online Shopping Portal update-image1.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.279947"
},
{
"name": "VDB-279947 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.279947"
},
{
"name": "Submit #417583 | Codezips Online Shopping Portal In PHP With Source Code-2 V1.0 Unrestricted Upload",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.417583"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/ppp-src/CVE/issues/7"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-10-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-10-10T09:30:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "Codezips Online Shopping Portal update-image1.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-9794",
"datePublished": "2024-10-10T16:00:07.327Z",
"dateReserved": "2024-10-10T07:25:34.709Z",
"dateUpdated": "2024-10-10T16:27:19.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9460 (GCVE-0-2024-9460)
Vulnerability from cvelistv5 – Published: 2024-10-03 14:31 – Updated: 2024-10-03 15:19
VLAI
Title
Codezips Online Shopping Portal index.php sql injection
Summary
A vulnerability was found in Codezips Online Shopping Portal 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - SQL Injection
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.279132 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.279132 | signature, permissions-required |
| https://vuldb.com/?submit.417052 | third-party-advisory |
| https://github.com/ppp-src/CVE/issues/8 | broken-link, exploit, issue-tracking |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Codezips | Online Shopping Portal | Affected: 1.0 | |
| online_shopping_portal_project | online_shopping_portal | Affected: 1.0 | cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:1.0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "online_shopping_portal",
"vendor": "online_shopping_portal_project",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9460",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T15:18:52.087047Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T15:19:45.418Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Online Shopping Portal",
"vendor": "Codezips",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "acmglz (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Codezips Online Shopping Portal 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in Codezips Online Shopping Portal 1.0 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei index.php. Durch das Manipulieren des Arguments username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T14:31:04.335Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-279132 | Codezips Online Shopping Portal index.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.279132"
},
{
"name": "VDB-279132 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.279132"
},
{
"name": "Submit #417052 | Codezips Online Shopping Portal In PHP With Source Code V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.417052"
},
{
"tags": [
"broken-link",
"exploit",
"issue-tracking"
],
"url": "https://github.com/ppp-src/CVE/issues/8"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-10-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-10-03T09:54:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "Codezips Online Shopping Portal index.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-9460",
"datePublished": "2024-10-03T14:31:04.335Z",
"dateReserved": "2024-10-03T07:49:39.055Z",
"dateUpdated": "2024-10-03T15:19:45.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9038 (GCVE-0-2024-9038)
Vulnerability from cvelistv5 – Published: 2024-09-20 16:00 – Updated: 2024-09-20 16:19
VLAI
Title
Codezips Online Shopping Portal insert-product.php unrestricted upload
Summary
A vulnerability classified as problematic was found in Codezips Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation of the argument productimage1/productimage2/productimage3 leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
4.3 (Medium)
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.278209 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.278209 | signature, permissions-required |
| https://vuldb.com/?submit.411466 | third-party-advisory |
| https://github.com/L1OudFd8cl09/CVE/blob/main/20_… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Codezips | Online Shopping Portal | Affected: 1.0 | |
| online_shopping_portal_project | online_shopping_portal | Affected: 1.0 | cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:1.0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:online_shopping_portal_project:online_shopping_portal:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "online_shopping_portal",
"vendor": "online_shopping_portal_project",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9038",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T16:18:52.661261Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T16:19:43.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Online Shopping Portal",
"vendor": "Codezips",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "N3xu5Cr4ck37 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Codezips Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation of the argument productimage1/productimage2/productimage3 leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Codezips Online Shopping Portal 1.0 wurde eine problematische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei insert-product.php. Durch Manipulieren des Arguments productimage1/productimage2/productimage3 mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T16:00:06.215Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-278209 | Codezips Online Shopping Portal insert-product.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.278209"
},
{
"name": "VDB-278209 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.278209"
},
{
"name": "Submit #411466 | Codezips Online Shopping Portal In PHP With Source Code V1.0 Unrestricted Upload",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.411466"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/L1OudFd8cl09/CVE/blob/main/20_09_2024_b.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-09-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-09-20T10:23:17.000Z",
"value": "VulDB entry last update"
}
],
"title": "Codezips Online Shopping Portal insert-product.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-9038",
"datePublished": "2024-09-20T16:00:06.215Z",
"dateReserved": "2024-09-20T08:18:05.094Z",
"dateUpdated": "2024-09-20T16:19:43.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}