{"api_version":"1","generated_at":"2026-05-06T02:36:31+00:00","cve":"CVE-2023-1958","urls":{"html":"https://cve.report/CVE-2023-1958","api":"https://cve.report/api/cve/CVE-2023-1958.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-1958","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-1958"},"summary":{"title":"CVE-2023-1958","description":"A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_sub_category. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225345 was assigned to this vulnerability.","state":"PUBLIC","assigner":"cna@vuldb.com","published_at":"2023-04-08 11:15:00","updated_at":"2023-11-07 04:05:00"},"problem_types":["CWE-89"],"metrics":[],"references":[{"url":"https://vuldb.com/?id.225345","name":"https://vuldb.com/?id.225345","refsource":"MISC","tags":["Third Party Advisory"],"title":"CVE-2023-1958 | SourceCodester Online Computer and Laptop Store sql injection","mime":"text/html","httpstatus":"401","archivestatus":"200"},{"url":"https://vuldb.com/?ctiid.225345","name":"https://vuldb.com/?ctiid.225345","refsource":"MISC","tags":["Permissions Required","Third Party Advisory"],"title":"Login required","mime":"text/html","httpstatus":"401","archivestatus":"404"},{"url":"https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/SQL%20injection%20present%20at%20subcategory%20deletion.pdf","name":"https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/SQL%20injection%20present%20at%20subcategory%20deletion.pdf","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"Online-Computer-and-Laptop-Store/SQL injection present at subcategory deletion.pdf at main · boyi0508/Online-Computer-and-Laptop-Store · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-1958","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1958","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"1958","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"online_computer_and_laptop_store_project","cpe5":"online_computer_and_laptop_store","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"1958","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oretnom23","cpe5":"online_computer_and_laptop_store","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-1958","ASSIGNER":"cna@vuldb.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_sub_category. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225345 was assigned to this vulnerability."},{"lang":"deu","value":"Es wurde eine kritische Schwachstelle in SourceCodester Online Computer and Laptop Store 1.0 gefunden. Es betrifft eine unbekannte Funktion der Datei /classes/Master.php?f=delete_sub_category. Durch Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-89 SQL Injection","cweId":"CWE-89"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"SourceCodester","product":{"product_data":[{"product_name":"Online Computer and Laptop Store","version":{"version_data":[{"version_affected":"=","version_value":"1.0"}]}}]}}]}},"references":{"reference_data":[{"url":"https://vuldb.com/?id.225345","refsource":"MISC","name":"https://vuldb.com/?id.225345"},{"url":"https://vuldb.com/?ctiid.225345","refsource":"MISC","name":"https://vuldb.com/?ctiid.225345"},{"url":"https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/SQL%20injection%20present%20at%20subcategory%20deletion.pdf","refsource":"MISC","name":"https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/SQL%20injection%20present%20at%20subcategory%20deletion.pdf"}]},"credits":[{"lang":"en","value":"yanfei.chen (VulDB User)"}],"impact":{"cvss":[{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"},{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"},{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}]}},"nvd":{"publishedDate":"2023-04-08 11:15:00","lastModifiedDate":"2023-11-07 04:05:00","problem_types":["CWE-89"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oretnom23:online_computer_and_laptop_store:1.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}