Description
A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function _rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument item_number results in sql injection. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.
Problem types
Product status
Timeline
| 2026-07-11: | Advisory disclosed |
| 2026-07-11: | VulDB entry created |
| 2026-07-11: | VulDB entry last update |
Credits
Dest1ny_2 (VulDB User)
VulDB CNA Team
References
vuldb.com/vuln/377809 (VDB-377809 | AojiaoZero Antaris PayPal IPN Payment ipn.php _rewardPurchase sql injection)
vuldb.com/vuln/377809/cti (VDB-377809 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/cve/CVE-2026-15502 (CVE-2026-15502 | CVE Analysis and Report)
vuldb.com/submit/844725 (Submit #844725 | AojiaoZero Antaris latest (2026-06, no formal release) SQL Injection)