PT-2023-29076 · Unknown · Addifyfreegifts

Published 2023-11-01 · Updated 2023-11-09 · CVE-2023-44025

CVSS v3.1

9.8 Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Addifyfreegifts versions 1.0.2 and earlier

Description

The issue allows a remote attacker to execute arbitrary code via a crafted script to the getrulebyid function in the AddifyfreegiftsModel.php component. This enables the attacker to potentially inject SQL code, leading to unauthorized access and control.

Recommendations

For Addifyfreegifts versions 1.0.2 and earlier, consider disabling the getrulebyid function in the AddifyfreegiftsModel.php component until a patch is available to prevent potential SQL injection attacks.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-44025

Affected Products

Addifyfreegifts