What the vulnerability does
01Description
Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
What the vulnerability does
Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.
Explanation of Vulnerability in Simple Terms
The eCommerce Product Catalog contains a SQL injection vulnerability in versions up to 3.5.5. An attacker can craft malicious input to execute arbitrary SQL queries against the database without authentication. This can expose sensitive product, customer, and order data. The vulnerability requires no user interaction and is remotely exploitable over the network.
What an attacker can do
Execute SQL queries to read or modify database contents, including customer and product data.
Potential impact on your site
Customer data, product information, and orders may be exposed or altered without authorization.
Conditions required to exploit
Network access to the vulnerable application; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities