CVE-2024-2074

Name of the Vulnerable Software and Affected Versions Mini-Tmall versions up to 20231017

Description A critical issue affects the processing of the file at the endpoint "?r=tmall/admin/user/1/1". The manipulation of the orderBy argument leads to SQL injection. The attack can be initiated remotely.

Recommendations For Mini-Tmall versions up to 20231017, as a temporary workaround, consider restricting access to the endpoint "?r=tmall/admin/user/1/1" to minimize the risk of exploitation. Avoid using the orderBy argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.