SQL Injection vulnerability in Helloshop deliveryorderautoupdate v.2.8.1 and before allows an attacker to run arbitrary SQL commands via the DeliveryorderautoupdateOrdersModuleFrontController::initContent function.
References
Configurations
No configuration.
History
06 Sep 2024, 19:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
Summary |
|
|
CWE | CWE-89 |
29 Apr 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-29 20:15
Updated : 2024-09-06 19:35
NVD link : CVE-2024-33266
Mitre link : CVE-2024-33266
CVE.ORG link : CVE-2024-33266
JSON object : View
Products Affected
No product.
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')