CVE-2024-9460

Name of the Vulnerable Software and Affected Versions Codezips Online Shopping Portal version 1.0

Description A critical issue has been found in the software, allowing for SQL injection through the manipulation of the username argument in an unknown function of the file index.php. This can be exploited remotely. The exploit has been disclosed to the public.

Recommendations For Codezips Online Shopping Portal version 1.0, as a temporary workaround, consider restricting access to the index.php file or disabling the unknown function that handles the username argument until a patch is available. Avoid using the username argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.