CVE-2024-33267 | Hero hfheropayment up to 1.2.5 initContent sql injection

Inserito da Angelo Barbosa | Apr 30, 2024 | CVE

A vulnerability was found in Hero hfheropayment up to 1.2.5 and classified as critical. This issue affects the function HfHeropaymentGatewayBackModuleFrontController::initContent. The manipulation leads to sql injection.

The identification of this vulnerability is CVE-2024-33267. The attack may be initiated remotely. There is no exploit available.

CVE-2024-33267 | Hero hfheropayment up to 1.2.5 initContent sql injection

Post correlati

CVE-2023-6556 | FOX Plugin up to 1.4.1.6 on WordPress authorization

CVE-2024-36011 | Linux Kernel up to 6.6.30/6.8.9 Bluetooth hci_le_big_sync_established_evt null pointer dereference (1f7ebb69c1d6/9f3be61f55d4/d2706004a1b8)

CVE-2024-42059 | Zyxel ATP/USG FLEX/USG FLEX 50(W)/USG20(W)-VPN up to 5.38 FTP os command injection

CVE-2024-44577 | Relyum RELY-PCIe up to 23.1.0 time_date command injection