CVE-2022-30395

Name of the Vulnerable Software and Affected Versions Merchandise Online Store version 1.0

Description The issue concerns SQL Injection. It can be exploited via the /vloggers merch/classes/Master.php?f=delete cart endpoint, specifically through the f parameter set to delete cart.

Recommendations For Merchandise Online Store version 1.0, consider restricting access to the /vloggers merch/classes/Master.php endpoint or the delete cart function to minimize the risk of exploitation. As a temporary workaround, avoid using the f parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.