CVE-2021-29350

Name of the Vulnerable Software and Affected Versions: 发货100-设计素材下载系统 version 1.1

Description: The issue allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to the "admin/product add.php" endpoint. This is due to a SQL injection in the getip function in conn/function.php.

Recommendations: For 发货100-设计素材下载系统 version 1.1, consider restricting access to the "admin/product add.php" endpoint until a patch is available. As a temporary workaround, avoid using the X-Forwarded-For header in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.