code-projects Online Shoe Store
cpe:2.3:a:code-projects:online_shoe_store:*:*:*:*:*:*:*
A critical SQL injection vulnerability has been identified in Code-Projects Online Shoe Store version 1.0. The issue resides in the summary.php file, where manipulating the tid parameter allows an attacker to inject malicious SQL queries. The vulnerability can be exploited remotely, potentially leading to unauthorized access to the application's database or even remote code execution.
Exploitation of this vulnerability allows SQL injection, which can lead to unauthorized database access and remote code execution.
The vulnerability can be reproduced by sending a request to the summary.php file with a crafted tid parameter that includes malicious SQL code. This can be done using a tool like sqlmap, which can automate the process of exploiting SQL injection vulnerabilities.
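For defenders, the request pattern described above can be looked for in web server access logs. The following is an added example, not part of the original advisory or the project's code: it assumes combined-format access logs and that a legitimate tid is a plain integer id. The log lines, the /shoes/ path and the user-agent strings are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format: ip, identity, user, [time], "request", status, size, "referer", "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def suspicious_tid_requests(lines):
    """Return (ip, decoded tid, reasons) for summary.php requests that look tampered."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/summary.php"):
            continue
        # parse_qs percent-decodes values, so encoded payloads are inspected decoded
        for tid in parse_qs(url.query, keep_blank_values=True).get("tid", []):
            reasons = []
            # Assumption: a legitimate tid consists of ASCII digits only
            if not (tid.isascii() and tid.isdigit()):
                reasons.append("non-numeric tid")
            if "sqlmap" in m["ua"].lower():
                reasons.append("sqlmap user agent")
            if reasons:
                findings.append((m["ip"], tid, reasons))
    return findings

# Constructed sample log lines (documentation IP range, hypothetical install path)
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /shoes/summary.php?tid=12 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /shoes/summary.php?tid=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9044 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2025:10:00:06 +0000] "GET /shoes/summary.php?tid=5 HTTP/1.1" 200 512 "-" "sqlmap/1.8 (https://sqlmap.org)"',
    '203.0.113.7 - - [01/Jan/2025:10:00:09 +0000] "GET /shoes/index.php?tid=abc HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, tid, reasons in suspicious_tid_requests(SAMPLE_LOG):
        print(f"{ip} tid={tid!r}: {', '.join(reasons)}")
```

The user-agent check is only a weak signal, since the header is client-controlled; the non-numeric tid check is the one that holds regardless of tooling.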