CVE-2024-4826

Name of the Vulnerable Software and Affected Versions Simple PHP Shopping Cart version 0.9

Description The issue is related to a SQL injection vulnerability that could allow an attacker to retrieve all the information stored in the database by sending a specially crafted SQL query. This is due to the lack of proper sanitisation of the category id parameter in the category.php file.

Recommendations For version 0.9, consider disabling the category id parameter in the category.php file until a patch is available. Restrict access to the category.php file to minimize the risk of exploitation. Avoid using the category id parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.