CVE-2024-0301

Name of the Vulnerable Software and Affected Versions fhs-opensource iparking version 1.5.22.RELEASE

Description A critical vulnerability was found in the getData function of the file src/main/java/com/xhb/pay/action/PayTempOrderAction.java. This issue leads to SQL injection and can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For version 1.5.22.RELEASE, as a temporary workaround, consider disabling the getData function of the PayTempOrderAction.java file until a patch is available. Restrict access to the src/main/java/com/xhb/pay/action/PayTempOrderAction.java file to minimize the risk of exploitation. Avoid using the getData function in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.