Home

Description

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/mod_users/index.php' parameter.

PUBLISHED Reserved 2024-04-29 | Published 2024-08-06 | Updated 2024-08-06 | Assigner INCIBE




CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status
unaffected

1.0
affected

Default status
unaffected

1.0
affected

Default status
unaffected

1.0
affected

Credits

Rafael Pedrero finder

References

www.incibe.es/...so/multiple-vulnerabilities-janobe-products

cve.org (CVE-2024-33964)

nvd.nist.gov (CVE-2024-33964)

Download JSON