PT-2026-57562 · Unknown · Aojiaozero Antaris

Dest1Ny_2

·

Published

2026-07-12

·

Updated

2026-07-12

·

CVE-2026-15502

CVSS v2.0

6.5

Medium

VectorAV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions AojiaoZero Antaris version 1.0
Description A SQL injection issue exists in the PayPal IPN Payment Handler component within the /ipn.php file. A remote attacker can exploit this by manipulating the item number argument passed to the rewardPurchase() function.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the /ipn.php file or the rewardPurchase() function to minimize the risk of exploitation.

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-15502

Affected Products

Aojiaozero Antaris