CVE-2021-46446

Name of the Vulnerable Software and Affected Versions H.H.G Multistore versions 5.1.0 and below

Description The issue is a SQL injection vulnerability. It can be exploited via the "/admin/admin.php?module=admin access group edit&aagID" endpoint, specifically targeting the aagID variable. This vulnerability allows for unauthorized access to sensitive data.

Recommendations For versions 5.1.0 and below, consider restricting access to the "/admin/admin.php?module=admin access group edit&aagID" endpoint until a patch is available. As a temporary workaround, avoid using the aagID variable in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.