PT-2024-34336 · Unknown · Easy Digital Downloads
Justakazh
·
Published
2024-08-12
·
Updated
2026-01-01
·
CVE-2024-5057
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Easy Digital Downloads versions through 3.2.12
Description
The software contains a flaw related to the improper handling of special characters within SQL commands, leading to a potential SQL injection issue. This allows for the execution of unintended SQL commands.
Recommendations
Versions prior to and including 3.2.12 should be updated.
Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Easy Digital Downloads