CVE-2024-13205 | kurniaramadhan E-Commerce-PHP 1.0 Create Product Page create_product.php Name sql injection

A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/create_product.php of the component Create Product Page. The manipulation of the argument Name leads to sql injection.

This vulnerability is handled as CVE-2024-13205. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-13205 | kurniaramadhan E-Commerce-PHP 1.0 Create Product Page create_product.php Name sql injection

Post correlati

CVE-2024-0798 | mintplex-labs anything-llm up to 0.0.x HTTP DELETE Request least privilege violation

CVE-2024-11256 | 1000 Projects Portfolio Management System MCA 1.0 /login.php username sql injection

CVE-2024-30102 | Microsoft unknown vulnerability

CVE-2024-5827 | vanna-ai vanna up to 0.3.4 DuckDB unrestricted upload