Detronetdip E-commerce 1.0.0 Allows Remote Attackers to Inject Malicious Code

Summary

A security flaw in Detronetdip E-commerce 1.0.0 makes it possible for hackers to inject malicious code into your website. This could allow them to steal sensitive information, display unwanted messages, or even take control of your site. We recommend updating to a fixed version as soon as possible to protect your customers and data.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
detronetdip	e-commerce	1.0.0	–

Original title

A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function get_safe_value of the file utility/function.php. Executing a manipulation can lead to cross site scripting....

Original description

A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function get_safe_value of the file utility/function.php. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

nvd CVSS2.0 4.0

nvd CVSS3.1 5.4

nvd CVSS4.0 5.1

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

CWE-94 Code Injection

https://github.com/Nixon-H/PHP-Stored-XSS-Bypass-Real-Escape Exploit Mitigation Third Party Advisory
https://github.com/detronetdip/E-commerce/ Product
https://github.com/detronetdip/E-commerce/issues/23 Exploit Issue Tracking Vendor Advisory
https://vuldb.com/?ctiid.346487 Permissions Required VDB Entry
https://vuldb.com/?id.346487 Third Party Advisory VDB Entry
https://vuldb.com/?submit.754033 Third Party Advisory VDB Entry