CVE-2024-6438 | Hitout Carsale 1.0 OrderController.java orderBy sql injection (Issue 23)

Posted by Angelo Barbosa | Jul 2, 2024 | CVE

A vulnerability has been found in Hitout Carsale 1.0 and classified as critical. This vulnerability affects unknown code of the file OrderController.java. The manipulation of the argument orderBy leads to sql injection.

This vulnerability was named CVE-2024-6438. The attack can be initiated remotely. Furthermore, there is an exploit available.

CVE-2024-6438 | Hitout Carsale 1.0 OrderController.java orderBy sql injection (Issue 23)

Related Posts

CVE-2024-6637 | WooCommerce Social Login Plugin up to 2.7.3 on WordPress One-Time Password improper authentication

CVE-2023-6617 | SourceCodester Simple Student Attendance System 1.0 attendance.php class_id sql injection

CVE-2024-3420 | SourceCodester Online Courseware 1.0 admin/saveedit.php id sql injection

CVE-2024-36417 | SalesAgility SuiteCRM up to 7.14.3/8.6.0 cross site scripting (GHSA-3www-6rqc-rm7j)