2 matches found
CVE-2024-28393
SQL injection vulnerability in scalapay v.1.2.41 and before allows a remote attacker to escalate privileges via the ScalapayReturnModuleFrontController::postProcess method...
CVE-2024-28393
CVE-2024-28393 is a SQL injection vulnerability affecting Scalapay v1.2.41 and earlier. The root cause, as documented across sources, is an injectable input path in ScalapayReturnModuleFrontController::postProcess(), enabling a remote attacker to escalate privileges. The CVSS‑3.1 base score is 9....