CVE-2024-33267 | Hero hfheropayment up to 1.2.5 initContent sql injection

Inserito da Angelo Barbosa | Apr 30, 2024 | CVE

A vulnerability was found in Hero hfheropayment up to 1.2.5 and classified as critical. This issue affects the function HfHeropaymentGatewayBackModuleFrontController::initContent. The manipulation leads to sql injection.

The identification of this vulnerability is CVE-2024-33267. The attack may be initiated remotely. There is no exploit available.

CVE-2024-33267 | Hero hfheropayment up to 1.2.5 initContent sql injection

Post correlati

CVE-2023-38055 | easyappointments up to 1.4.x /services/{serviceId} authorization

CVE-2024-42364 | gethomepage up to 0.9.1 dns rebinding (GHSL-2024-096)

CVE-2024-29732 | Abast SCAN_VISIO eDocument Suite Web Viewer 3.28.1 user sql injection

CVE-2020-12612 | BeyondTrust Privilege Management up to 5.6 on Windows Environment Variable Local Privilege Escalation