X1Ongsec

**Name of the Vulnerable Software and Affected Versions** Hitout car sale version 1.0 **Description** A SQL injection issue allows a remote attacker to obtain sensitive information via the `orderBy` parameter of the StoreController.java component. **Recommendations** For version 1.0, consider restricting access to the `orderBy` parameter in the StoreController.java component to minimize the risk of exploitation. As a temporary workaround, avoid using the `orderBy` parameter until a patch is available.