CVE-2024-4309

Name of the Vulnerable Software and Affected Versions HubBank version 1.0.2

Description The issue is related to a SQL injection vulnerability that could allow an attacker to send a specially crafted SQL query to the database through different endpoints, such as "/user/transaction.php?id=1", "/user/credit-debit transaction.php?id=1", "/user/view transaction.php?id=1", and "/user/viewloantrans.php?id=1", using the id parameter, and retrieve the information stored in the database.

Recommendations For HubBank version 1.0.2, as a temporary workaround, consider disabling access to the vulnerable endpoints until a patch is available. Restrict access to the id parameter in the affected API endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.