CVE-2024-33273

Name of the Vulnerable Software and Affected Versions shipup versions prior to 3.3.0

Description A SQL injection issue allows a remote attacker to escalate privileges via the getShopID function. This enables the attacker to potentially gain unauthorized access to sensitive data or systems.

Recommendations For versions prior to 3.3.0, update to version 3.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the getShopID function until a patch is available.