CVE-2024-9809

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is the function delete_product of the file /classes/Master.php?f=delete_product. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2015-6004

MEDIUM
CVSS:6.5(Medium)

Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.as...

CWE-892015

CVE-2015-6433

MEDIUM
CVSS:6.5(Medium)

SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.

CWE-892015

CVE-2016-1308

MEDIUM
CVSS:6.5(Medium)

SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227.

CWE-892016

CVE-2016-1437

MEDIUM
CVSS:6.5(Medium)

SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID ...

CWE-892016

CVE-2016-2950

MEDIUM
CVSS:6.5(Medium)

SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CWE-892016

CVE-2016-5653

MEDIUM
CVSS:6.5(Medium)

Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the (1) ID or (2) Branch parameter.

CWE-892016