CVE-2024-24112 | xmall 1.1 orderDir sql injection (Issue 78)

Posted by Angelo Barbosa | Feb 6, 2024 | CVE

A vulnerability classified as critical was found in xmall 1.1. Affected by this vulnerability is an unknown functionality. The manipulation of the argument orderDir leads to sql injection.

This vulnerability is known as CVE-2024-24112. Access to the local network is required for this attack to succeed. There is no exploit available.

CVE-2024-24112 | xmall 1.1 orderDir sql injection (Issue 78)

Related Posts

CVE-2023-51610 | Kofax Power PDF JP2 File Parser use after free (ZDI-23-1911)

CVE-2024-22426 | Dell RecoverPoint for Virtual Machines up to 5.3 SP3 P2 os command injection (dsa-2024-092)

CVE-2023-6956 | EasyAzon Plugin up to 5.1.0 on WordPress easyazon-cloaking-locale cross site scripting

CVE-2022-48719 | Linux Kernel up to 5.16.7 neigh __neigh_event_send deadlock (203a35ebb49c/4a81f6da9cb2)