CVE-2025-3298

Published Apr 5, 2025

Last updated a year ago

CVSS medium 5.3

Overview

Description
A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Registration Handler. The manipulation of the argument email leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Source
cna@vuldb.com
NVD status
Analyzed
Products
online_eyewear_shop

Risk scores

CVSS 4.0

Type
Secondary
Base score
5.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

CVSS 3.1

Type
Secondary
Base score
4.3
Impact score
1.4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Severity
MEDIUM

CVSS 2.0

Type
Secondary
Base score
4
Impact score
2.9
Exploitability score
8
Vector string
AV:N/AC:L/Au:S/C:N/I:P/A:N

Weaknesses

cna@vuldb.com
CWE-266

Social media

Hype score
Not currently trending

  1. CVE-2025-3298 A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of th… https://t.co/IUQss92VGQ

    @CVEnew

    5 Apr 2025

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2025-3298 🟠 MEDIUM (5.3) 🏒 SourceCodester - Online Eyewear Shop πŸ—οΈ 1.0 πŸ”— https://t.co/9X7SP2JAip πŸ”— https://t.co/UcQUWWQp08 πŸ”— https://t.co/eXoOKGwpCX πŸ”— https://t.co/cesSIzJlio πŸ”— https://t.co/STjJUiICMx #CyberCron #VulnAlert #InfoSec https://t.co/CctAthIozD

    @cybercronai

    5 Apr 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-3298 SourceCodester Online Eyewear Shop 1.0 Improper Access Control via Email Manipulation https://t.co/QAOiAnifLw

    @VulmonFeeds

    5 Apr 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is the function delete_cart of the file /oews/classes/Master.php?f=delete_cart. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.β€’CVE-2025-4173
  2. A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /oews/classes/Master.php?f=delete_stock. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.β€’CVE-2025-3817
  3. A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.β€’CVE-2025-3692
  4. A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_product. The manipulation of the argument brand leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.β€’CVE-2025-3297
  5. A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=delete_customer. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.β€’CVE-2025-3296

References

Sources include official advisories and independent security research.