A vulnerability was found in Hero hfheropayment up to 1.2.5 and classified as critical. This issue affects the function
HfHeropaymentGatewayBackModuleFrontController::initContent
. The manipulation leads to sql injection.
The identification of this vulnerability is CVE-2024-33267. The attack may be initiated remotely. There is no exploit available.