Home

Description

SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database.

PUBLISHED Reserved 2024-09-04 | Published 2024-09-18 | Updated 2024-09-18 | Assigner jpcert

Problem types

Improper neutralization of special elements used in an SQL command ('SQL Injection')

Product status

prior to 2.11.2
affected

References

www.welcart.com/archives/22581.html

jvn.jp/en/jp/JVN19766555/

cve.org (CVE-2024-42404)

nvd.nist.gov (CVE-2024-42404)

Download JSON