CVE-2024-33266

2024-04-2900:00:00

mitre

www.cve.org

sql injection

helloshop

deliveryorderautoupdate

8.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

SQL Injection vulnerability in Helloshop deliveryorderautoupdate v.2.8.1 and before allows an attacker to run arbitrary SQL commands via the DeliveryorderautoupdateOrdersModuleFrontController::initContent function.

References

security.friendsofpresta.org/modules/2024/04/25/deliveryorderautoupdate.html