A vulnerability classified as critical was found in xmall 1.1. Affected by this vulnerability is an unknown functionality. The manipulation of the argument orderDir leads to sql injection.
This vulnerability is known as CVE-2024-24112. Access to the local network is required for this attack to succeed. There is no exploit available.