Vulnerability CVE-2024-8086


Published: 2024-08-22   Modified: 2024-08-23

Description:
A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ecommerce/admin/login.php of the component Admin Login. The manipulation of the argument user_email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Type:

CWE-89

(Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

 References:
https://vuldb.com/?id.275566
https://vuldb.com/?ctiid.275566
https://vuldb.com/?submit.396320
https://github.com/0xffaaa/cve/blob/main/ecommerce-Universal%20password%20bypasses%20login%20verification.md
https://www.sourcecodester.com/

Copyright 2026, cxsecurity.com

 

Back to Top