CVE-2024-50802

Name of the Vulnerable Software and Affected Versions: AbanteCart version 1.4.0

Description: A SQL Injection issue was discovered in the update() function in public html/admin/controller/responses/listing grid/email templates.php. The issue is exploitable via the id parameter.

Recommendations: For AbanteCart version 1.4.0, consider restricting access to the update() function in public html/admin/controller/responses/listing grid/email templates.php to minimize the risk of exploitation. Avoid using the id parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.