CVE-2022-34972

Name of the Vulnerable Software and Affected Versions So Filter Shop versions 3.x

Description The issue is related to multiple blind SQL injection vulnerabilities. These vulnerabilities can be exploited via the att value id, manu value id, opt value id, and subcate value id parameters at the "/index.php?route=extension/module/so filter shop by/filter data" endpoint.

Recommendations For So Filter Shop version 3.x, consider disabling the parameters att value id, manu value id, opt value id, and subcate value id in the "/index.php?route=extension/module/so filter shop by/filter data" endpoint as a temporary workaround until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.