PT-2024-17664 · Juanpao · Juanpao Jpshop

Glzjin · Published 2024-02-06 · Updated 2024-05-17 · CVE-2024-1258

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Juanpao JPShop versions up to 1.5.02

Description

A vulnerability was found in the API component of Juanpao JPShop, specifically in the file api/config/params.php. The manipulation of the JWT_KEY_ADMIN argument leads to the use of a hard-coded cryptographic key. The complexity of an attack is rather high, and the exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Recommendations

For Juanpao JPShop versions up to 1.5.02, consider updating to a version that fixes the use of hard-coded cryptographic keys, specifically addressing the issue in the JWT_KEY_ADMIN argument. As a temporary workaround, consider restricting access to the api/config/params.php file to minimize the risk of exploitation.
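
A check for the condition described above, as an added example that is not part of the advisory or of JPShop's code: it scans PHP configuration text for key or secret array entries whose value is a string literal rather than something loaded at runtime. The sample file contents, the JWT_KEY_USER and JWT_EXPIRE entries, and the assumption that the parameter appears as an array key named JWT_KEY_ADMIN are constructed for illustration.

```python
import re

# Constructed sample: the real layout of api/config/params.php is not shown
# in the advisory, so this only imitates a typical PHP params array.
SAMPLE_PARAMS = r"""<?php
return [
    'adminEmail' => 'admin@example.com',
    'JWT_KEY_ADMIN' => 'constructed-placeholder-secret',  // literal in source
    "JWT_KEY_USER" => getenv('JWT_KEY_USER'),             // loaded at runtime
    'JWT_EXPIRE' => 7200,
];
"""

# Array entry whose name contains KEY or SECRET and whose value is a quoted
# string literal. Values such as getenv(...) or $var do not match.
ENTRY = re.compile(
    r"""(?P<q>['"])(?P<name>\w*(?:KEY|SECRET)\w*)(?P=q)\s*=>\s*"""
    r"""(?P<vq>['"])(?P<value>(?:\\.|(?!(?P=vq)).)*)(?P=vq)""",
    re.IGNORECASE,
)

COMMENT_PREFIXES = ("//", "#", "/*", "*")


def find_hardcoded_keys(php_source):
    """Return (line_number, entry_name) for each literal key or secret.

    The literal value itself is never returned, so the report can be
    stored or shared without copying the secret into it.
    """
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        if line.lstrip().startswith(COMMENT_PREFIXES):
            continue  # skip lines that are entirely comments
        match = ENTRY.search(line)
        # An empty literal is a different misconfiguration; not reported here.
        if match and match.group("value"):
            findings.append((lineno, match.group("name")))
    return findings


if __name__ == "__main__":
    for lineno, name in find_hardcoded_keys(SAMPLE_PARAMS):
        print(f"line {lineno}: {name} is set to a string literal")
```

A finding means the signing key is the same on every installation of that source tree, so it should be replaced with a per-deployment value and existing tokens treated as untrusted.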

Related Identifiers

CVE-2024-1258

Affected Products

Juanpao Jpshop