CVE-2024-1971 | Surya2Developer Online Shopping System 1.0 POST Parameter login.php password sql injection

Inserito da Angelo Barbosa | Feb 28, 2024 | CVE

A vulnerability has been found in Surya2Developer Online Shopping System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Parameter Handler. The manipulation of the argument password with the input nochizplz'+or+1%3d1+limit+1%23 leads to sql injection.

This vulnerability is known as CVE-2024-1971. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2024-1971 | Surya2Developer Online Shopping System 1.0 POST Parameter login.php password sql injection

Post correlati

CVE-2023-48772 | Arul Prasad J Prevent Landscape Rotation Plugin up to 2.0 on WordPress cross-site request forgery

CVE-2024-26578 | Apache Answer up to 1.2.1 Registration race condition

CVE-2023-7098 | icret EasyImages 2.8.3 app/hide.php key path traversal

CVE-2024-2074 | Mini-Tmall up to 20231017 ?r=tmall/admin/user/1/1 orderBy sql injection