exploitDog

CVE-2024-50802

Опубликовано: 31 окт. 2024

Источник: nvd

CVSS3: 6

EPSS Низкий

Описание

A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_html/admin/controller/responses/listing_grid/email_templates.php. The vulnerability is exploitable via the id parameter.

Ссылки

https://chiggerlor.substack.com/p/cve-2024-50801-and-and-cve-2024-50802
Exploit
Third Party Advisory
https://github.com/abantecart/abantecart-src
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:abantecart:abantecart:1.4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00058

Низкий

6 Medium

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-cc33-c78g-m59p

CVSS3: 6

github

больше 1 года назад

A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_html/admin/controller/responses/listing_grid/email_templates.php. The vulnerability is exploitable via the id parameter.

EPSS

Процентиль: 18%

0.00058

Низкий

6 Medium

CVSS3

Дефекты

CWE-89