Vulnerability Details CVE-2023-38890
Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.031
EPSS Ranking 86.0%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2023-38890
-
cpe:2.3:a:phpgurukul:online_shopping_portal:3.1