Vulnerability Details CVE-2022-34989
Fruits Bazar v1.0 was discovered to contain a SQL injection vulnerability via the recover_email parameter at user_password_recover.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.2%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Md-Saiful-Islam-creativesaiful/2021/Ecommerce-project-with-php-and-mysqli-Fruits-Bazar
- https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Md-Saiful-Islam-creativesaiful/2021/Ecommerce-project-with-php-and-mysqli-Fruits-Bazar
Products affected by CVE-2022-34989
-
cpe:2.3:a:fruits_bazar_project:fruits_bazar:1.0