PT-2026-21487 · Unknown · Order Up Online Ordering System

Subhash Paudel

Publicado

2026-02-23

Atualizado

2026-03-03

CVE-2026-24494

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Order Up Online Ordering System version 1.0

Description A SQL Injection flaw exists in the /api/integrations/getintegrations API endpoint of Order Up Online Ordering System 1.0. An unauthenticated attacker can exploit this issue by sending a crafted POST request containing malicious SQL code through the store id parameter. Successful exploitation allows unauthorized access to sensitive backend database data.

Recommendations Order Up Online Ordering System version 1.0: Sanitize or validate the store id parameter in the /api/integrations/getintegrations endpoint to prevent SQL injection attacks.

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2026-24494

Produtos afetados

Order Up Online Ordering System

PT-2026-21487 · Unknown · Order Up Online Ordering System

CVE-2026-24494

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13