CVE-2020-24208

CRITICAL

SourceCodester Online Shopping Alphaware 1.0 - SQL Injection

Title source: llm

Description

A SQL injection vulnerability in SourceCodester Online Shopping Alphaware 1.0 allows remote unauthenticated attackers to bypass the authentication process via email and password parameters.

Exploits (1)

exploitdb WORKING POC

by Ahmed Abbas · textwebappsphp

https://www.exploit-db.com/exploits/48725

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/158684/Online-Shopping-Alphaware-1.0-SQL-Injection.html

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/48725

[Product, Third Party Advisory] https://www.sourcecodester.com/download-code?nid=14368&title=Online+Shopping+Alphaware+in+PHP%2FMysql

Scores

CVSS v3 9.8

EPSS 0.0349

EPSS Percentile 87.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

online_shopping_alphaware_project/online_shopping_alphaware 1.0

Published Aug 17, 2020

Tracked Since Feb 18, 2026