← voltar
CVE-2024-58316

Online Shopping System Advanced 1.0 SQL Injection via Payment Success Parameter

CVSS 8.7 HIGHEPSS 0.5%CWE-89
Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database information by manipulating the user ID parameter.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
PuneethReddyHC · online-shopping-system-advanced

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/PuneethReddyHC/online-shopping-system-advancedhttps://www.exploit-db.com/exploits/51811https://www.vulncheck.com/advisories/online-shopping-system-advanced-sql-injection-via-payment-success-parameter