CVE-2021-43679

Name of the Vulnerable Software and Affected Versions: ecshop version 2.7.3

Description: The issue is a SQL injection vulnerability located in the shopexecshopuploadapiclientapi.php file. This vulnerability can be exploited through the API endpoint /api/client/api.php, although the specific variables or function names involved are not detailed. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations: For ecshop version 2.7.3, as a temporary workaround, consider restricting access to the api.php file in the shopexecshopuploadapiclient directory until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.