Wallos · Wallos · CVE-2024-29320
**Name of the Vulnerable Software and Affected Versions**
Wallos versions prior to 1.15.3
**Description**
The issue is related to SQL Injection via the `category` and `payment` parameters to the "/subscriptions/get.php" API endpoint. This allows for potential exploitation.
**Recommendations**
For versions prior to 1.15.3, update to version 1.15.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/subscriptions/get.php" API endpoint or avoiding the use of the `category` and `payment` parameters until the issue is resolved.