CVE-2022-40934

Name of the Vulnerable Software and Affected Versions Online Pet Shop We App version 1.0

Description The issue is related to SQL injection via the /pet shop/classes/Master.php endpoint, specifically when the f parameter is set to delete sub category and the id variable is used. This allows for potential exploitation. No information is provided about the estimated number of potentially affected devices or real-world incidents.

Recommendations For Online Pet Shop We App version 1.0, consider restricting access to the /pet shop/classes/Master.php endpoint, specifically when the f parameter is set to delete sub category, to minimize the risk of exploitation. Avoid using the id variable in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.