CVE-2024-4307

Name of the Vulnerable Software and Affected Versions HubBank version 1.0.2

Description The issue is a SQL injection vulnerability that could allow an attacker to send a specially crafted SQL query to the database through different endpoints, such as "/accounts/activities.php?id=1", "/accounts/view-deposit.php?id=1", "/accounts/view cards.php?id=1", "/accounts/wire-transfer.php?id=1", and "/accounts/wiretransfer-pending.php?id=1", using the id parameter, and retrieve the information stored in the database.

Recommendations For HubBank version 1.0.2, as a temporary workaround, consider disabling access to the vulnerable endpoints until a patch is available. Restrict the use of the id parameter in the affected API endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.