CVE-2024-52474

Name of the Vulnerable Software and Affected Versions Express Payments Module versions n/a through 1.1.8

Description The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, due to the improper neutralization of special elements used in an SQL command. This allows an attacker to inject malicious SQL code, potentially leading to unauthorized access or manipulation of data.

Recommendations For versions n/a through 1.1.8, consider disabling the SQL functionality or restricting access to the Express Payments Module until a patch is available. As a temporary workaround, avoid using user-input data in SQL commands to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.