CVE-2024-1258

A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWT_KEY_ADMIN leads to use of hard-coded cryptographic key . The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252997 was assigned to this vulnerability.
References
Link Resource
https://note.zhaoj.in/share/XblX1My7jNV7 Broken Link
https://vuldb.com/?ctiid.252997 Permissions Required Third Party Advisory
https://vuldb.com/?id.252997 Third Party Advisory
https://vuldb.com/?submit.277418
Configurations

Configuration 1 (hide)

cpe:2.3:a:juanpao:jpshop:*:*:*:*:*:*:*:*

History

29 Apr 2024, 12:15

Type Values Removed Values Added
References
  • () https://vuldb.com/?submit.277418 -

13 Feb 2024, 22:21

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.9
References () https://vuldb.com/?id.252997 - () https://vuldb.com/?id.252997 - Third Party Advisory
References () https://vuldb.com/?ctiid.252997 - () https://vuldb.com/?ctiid.252997 - Permissions Required, Third Party Advisory
References () https://note.zhaoj.in/share/XblX1My7jNV7 - () https://note.zhaoj.in/share/XblX1My7jNV7 - Broken Link
First Time Juanpao
Juanpao jpshop
CPE cpe:2.3:a:juanpao:jpshop:*:*:*:*:*:*:*:*

06 Feb 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-06 21:15

Updated : 2024-05-17 02:35


NVD link : CVE-2024-1258

Mitre link : CVE-2024-1258

CVE.ORG link : CVE-2024-1258


JSON object : View

Products Affected

juanpao

  • jpshop
CWE
CWE-321

Use of Hard-coded Cryptographic Key