CVE-2024-33266

2024-04-2920:15:08

[email protected]

web.nvd.nist.gov

sql injection

helloshop

deliveryorderautoupdate

vulnerability

7.8 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

SQL Injection vulnerability in Helloshop deliveryorderautoupdate v.2.8.1 and before allows an attacker to run arbitrary SQL commands via the DeliveryorderautoupdateOrdersModuleFrontController::initContent function.

References

security.friendsofpresta.org/modules/2024/04/25/deliveryorderautoupdate.html