CVE-2024-4308

Name of the Vulnerable Software and Affected Versions HubBank version 1.0.2

Description The issue is related to a SQL injection vulnerability that could allow an attacker to send a specially crafted SQL query to the database through different endpoints, such as "/admin/view users.php?id=1", "/admin/viewloan-trans.php?id=1", "/admin/view-deposit.php?id=1", "/admin/view-domtrans.php?id=1", "/admin/delete cards.php?id=1", "/admin/view cards.php?id=1", and "/admin/view users.php?id=1", using the id parameter, and retrieve the information stored in the database.

Recommendations For HubBank version 1.0.2, as a temporary workaround, consider restricting access to the vulnerable endpoints until a patch is available. Avoid using the id parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.