Unknown · Seur Plugin · CVE-2024-9201
**Name of the Vulnerable Software and Affected Versions**
SEUR plugin versions prior to 2.5.11
**Description**
The SEUR plugin is vulnerable to time-based SQL injection through the use of the `id order` parameter of the "/modules/seur/ajax/saveCodFee.php" endpoint. This issue affects versions prior to 2.5.11.
**Recommendations**
For versions prior to 2.5.11, update to version 2.5.11 or later to resolve the issue.
As a temporary workaround, consider restricting access to the "/modules/seur/ajax/saveCodFee.php" endpoint until a patch is available.
Avoid using the `id order` parameter in the affected endpoint until the issue is resolved.