PT-2025-50744 · Unknown · Xhibiter Nft Marketplace
Sohel Yousef · Published 2025-12-11 · Updated 2026-01-21
CVE-2024-58290
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Xhibiter NFT Marketplace version 1.10.2
Description
The Xhibiter NFT Marketplace software contains a SQL injection vulnerability in the collections endpoint: the id parameter can be used to manipulate the database queries that the endpoint runs. Boolean-based, time-based, and UNION-based SQL injection techniques can be used to extract or manipulate database information by sending crafted payloads to the collections page. The affected endpoint is '/collections' and the vulnerable parameter is id.
Recommendations
Apply a fix that sanitizes the id parameter in the collections endpoint to prevent SQL injection. As a temporary workaround, restrict access to the collections endpoint to minimize the risk of exploitation.
Exploit
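Added example (not code from the advisory or from the Xhibiter code base): a minimal stand-in for the collections lookup, showing the unsafe pattern the advisory describes (request value spliced into SQL) next to the recommended fix (integer whitelist validation plus a bound parameter). The table layout, column names and sample rows are constructed assumptions, and SQLite stands in for whatever database the product uses.

```python
import sqlite3
from typing import Optional

# Constructed sample data standing in for the marketplace's collections
# table; schema and rows are assumptions, not taken from the product.
SAMPLE_ROWS = [
    (1, "Genesis Drop", "alice"),
    (2, "Pixel Pets", "bob"),
    (3, "Private Vault", "carol"),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE collections (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)"
    )
    conn.executemany("INSERT INTO collections VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def collections_vulnerable(conn: sqlite3.Connection, raw_id: str) -> list:
    # Unsafe: the raw request value becomes part of the SQL text, so the
    # caller controls the query structure, not just a value. For contrast only.
    sql = f"SELECT id, name, owner FROM collections WHERE id = {raw_id}"
    return conn.execute(sql).fetchall()


def parse_collection_id(raw_id: str) -> Optional[int]:
    # Whitelist validation: id is an integer primary key, so anything that is
    # not a plain positive integer is rejected before any SQL is built.
    if not raw_id.isdigit():
        return None
    value = int(raw_id)
    return value if value > 0 else None


def collections_fixed(conn: sqlite3.Connection, raw_id: str) -> list:
    cid = parse_collection_id(raw_id)
    if cid is None:
        return []  # in a real handler: respond 400 Bad Request and log it
    # Parameter binding keeps the value out of the SQL text entirely, so even
    # a value that passed validation can never change the query's shape.
    return conn.execute(
        "SELECT id, name, owner FROM collections WHERE id = ?", (cid,)
    ).fetchall()
```

With an input such as `1 OR 1=1`, the unsafe version returns every row while the fixed version rejects the request before touching the database; the same distinction is what a regression test for the patch should assert.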
Fix
Weakness Enumeration
SQL injection
Related Identifiers
Affected Products
Xhibiter Nft Marketplace