CVE-2024-50802

Published Oct 31, 2024

Last updated 13 days ago

CVSS medium 6.0

Overview

Description
A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_html/admin/controller/responses/listing_grid/email_templates.php. The vulnerability is exploitable via the id parameter.
Source
cve@mitre.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
6
Impact score
4.7
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-89

Social media

Hype score
Not currently trending

  1. CVE-2024-50802 SQL Injection Vulnerability in AbanteCart 1.4.0 Exposes Critical Data AbanteCart 1.4.0 has a SQL Injection vulnerability in the update() function. This issue is found in public_html/admin/controlle... https://t.co/wCAeonYoq9

    @VulmonFeeds

    31 Oct 2024

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-50802 A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_html/admin/controller/responses/listing_grid/email_templates.php. … https://t.co/3E2HwmthPy

    @CVEnew

    31 Oct 2024

    297 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References