CVE-2024-33267

2024-04-3000:00:00

mitre

www.cve.org

sql injection

hero hfheropayment

privilege escalation

hfheropaymentgatewaybackmodulefrontcontroller

8.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escalate privileges via the HfHeropaymentGatewayBackModuleFrontController::initContent() function.

References

security.friendsofpresta.org/modules/2024/04/29/hfheropayment.html

www.heropay.eu/