CVE-2024-1258

A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWT_KEY_ADMIN leads to use of hard-coded cryptographic key . The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252997 was assigned to this vulnerability.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:juanpao:jpshop:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:50

Type Values Removed Values Added
References () https://note.zhaoj.in/share/XblX1My7jNV7 - Broken Link () https://note.zhaoj.in/share/XblX1My7jNV7 - Broken Link
References () https://vuldb.com/?ctiid.252997 - Permissions Required, Third Party Advisory () https://vuldb.com/?ctiid.252997 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?id.252997 - Third Party Advisory () https://vuldb.com/?id.252997 - Third Party Advisory
References () https://vuldb.com/?submit.277418 - () https://vuldb.com/?submit.277418 -
CVSS v2 : 1.8
v3 : 5.9
v2 : 1.8
v3 : 3.1

29 Apr 2024, 12:15

Type Values Removed Values Added
References
  • () https://vuldb.com/?submit.277418 -

13 Feb 2024, 22:21

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.9
CPE cpe:2.3:a:juanpao:jpshop:*:*:*:*:*:*:*:*
References () https://vuldb.com/?id.252997 - () https://vuldb.com/?id.252997 - Third Party Advisory
References () https://vuldb.com/?ctiid.252997 - () https://vuldb.com/?ctiid.252997 - Permissions Required, Third Party Advisory
References () https://note.zhaoj.in/share/XblX1My7jNV7 - () https://note.zhaoj.in/share/XblX1My7jNV7 - Broken Link
First Time Juanpao
Juanpao jpshop

06 Feb 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-06 21:15

Updated : 2024-11-21 08:50


NVD link : CVE-2024-1258

Mitre link : CVE-2024-1258

CVE.ORG link : CVE-2024-1258


JSON object : View

Products Affected

juanpao

  • jpshop
CWE
CWE-321

Use of Hard-coded Cryptographic Key