AbanteCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-50802)

Description

A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_html/admin/controller/responses/listing_grid/email_templates.php. The vulnerability is exploitable via the id parameter.

Remediation

References

CVE-2024-50802

Related Vulnerabilities

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4522)

WebLogic Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2019-11358)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-3810)

WordPress Plugin Content text slider on post Cross-Site Scripting (6.8)

Apache Tomcat Uncontrolled Resource Consumption Vulnerability (CVE-2024-34750)

Severity

Medium

Classification

CVE-2024-50802 CWE-138 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L