CVE-2023-7183 MEDIUM

CVE-2023-7183: 7-card Fakabao alipay_notify.php sql injection

Vendor 7-Card
Product Fakabao
Weakness CWE-89 · SQLi
Published December 31, 2023
Last update April 17, 2025
View on NVD All CVEs

CVSS base score

5.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability has been found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this vulnerability is an unknown functionality of the file shop/alipay_notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249385 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

December 31, 2023 CVE published
April 17, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-52820 WordPress WooCommerce Point Of Sale (POS) <= 1.4 - SQL Injection Vulnerability CVE-2026-39479 WordPress OttoKit plugin <= 1.1.20 - SQL Injection vulnerability CVE-2025-11311 Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findTenantPage.do findTenantPage sql injection CVE-2024-13483 LTL Freight Quotes – SAIA Edition <= 2.2.10 - Unauthenticated SQL Injection CVE-2020-35742 HGiga MailSherlock - SQL Injection -1