
CVE-2023-41507 A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel.

redblueteam/CVE-2023-41507

CVE-2023-41507

CVE-2023-41507 - Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters.

Vulnerability Type

SQL Injection

Vendor of Product

Super Store Finder

Affected Product Code Base

Super Store Finder - Affected version 3.6 or below. Fixed in version 3.7

CVSS v3.1 Vector (Base Score)

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (10.0)

Affected Component

Affected backend DBMS

Attack Type

Remote

Impact Information Disclosure

true

Attack Vectors

The four parameters products, distance, lat, and lng in the HTTP POST request are vulnerable to SQL injection. No user interaction is required.

[Screenshot: indicator of error-based SQL injection]

[Screenshot: Proof-of-Concept to extract the users table using SQLMap]
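
A defensive sketch for the four parameters named above, added here as an example and not taken from the Super Store Finder code base or its patch: each field is coerced to a number and reaches the query only as a bound parameter. The `stores` schema, the function names, the distance cap and the SQLite backend are assumptions for illustration.

```python
import math
import re
import sqlite3

def parse_search_params(form):
    """Coerce the four POST fields to numbers; raise ValueError otherwise."""
    def number(name, low, high):
        value = float(form.get(name, ""))   # ValueError on quotes or SQL text
        if not math.isfinite(value) or not low <= value <= high:
            raise ValueError(f"{name} out of range")
        return value
    products = form.get("products", "")
    if not re.fullmatch(r"[0-9]{1,9}", products):
        raise ValueError("products must be a numeric id")
    return {
        "products": int(products),
        "distance": number("distance", 0.0, 20000.0),  # assumed cap, in km
        "lat": number("lat", -90.0, 90.0),
        "lng": number("lng", -180.0, 180.0),
    }

def find_stores(conn, form):
    """Bounding-box search using bound parameters only, never string building."""
    p = parse_search_params(form)
    delta = p["distance"] / 111.0   # rough km per degree, fine for a box filter
    sql = ("SELECT name FROM stores WHERE product_id = ? "
           "AND lat BETWEEN ? AND ? AND lng BETWEEN ? AND ? ORDER BY name")
    rows = conn.execute(sql, (p["products"], p["lat"] - delta, p["lat"] + delta,
                              p["lng"] - delta, p["lng"] + delta))
    return [row[0] for row in rows]

def demo_db():
    """Constructed sample data; the schema is an assumption for this example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE stores (name TEXT, product_id INTEGER, lat REAL, lng REAL)")
    conn.executemany("INSERT INTO stores VALUES (?, ?, ?, ?)", [
        ("Central", 1, 1.30, 103.85), ("Harbour", 1, 1.27, 103.82),
        ("Far North", 1, 35.68, 139.69), ("Other Line", 2, 1.30, 103.85)])
    return conn

if __name__ == "__main__":
    ok = {"products": "1", "distance": "10", "lat": "1.29", "lng": "103.84"}
    print(find_stores(demo_db(), ok))
    try:
        find_stores(demo_db(), dict(ok, lat="1.29'"))   # stray quote
    except ValueError as err:
        print("rejected:", err)
```

Validation and parameter binding are independent layers: binding alone stops the injection, while the type and range checks reject malformed requests before they reach the database.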

Patch Notes

https://superstorefinder.net/support/forums/topic/super-store-finder-patch-notes/
