CVE-2024-50801

CVSS v3.1

6.0

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions: AbanteCart version 1.4.0

Description: A SQL Injection issue was discovered in the update() function within the public html/admin/controller/responses/listing grid/collections.php file. The issue is exploitable via the id parameter.

Recommendations: For AbanteCart version 1.4.0, consider disabling the update() function in the public html/admin/controller/responses/listing grid/collections.php file until a patch is available. Restrict access to the id parameter in the affected API endpoint to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2024-50801

Affected Products

Abantecart

CVE-2024-50801

Weakness Enumeration

Related Identifiers

Affected Products

References · 7