CVE-2024-25248

Name of the Vulnerable Software and Affected Versions Niushop B2B2C V5

Description The issue concerns a SQL Injection vulnerability in the orderGoodsDelivery() function, allowing attackers to execute arbitrary SQL commands via the order id parameter.

Recommendations For Niushop B2B2C V5, as a temporary workaround, consider restricting access to the orderGoodsDelivery() function until a patch is available. Avoid using the order id parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.