CVE-2024-33266
CVE-2024-33266: SQL injection in Helloshop deliveryorderautoupdate up to v2.8.1 allows an attacker to execute arbitrary SQL via DeliveryorderautoupdateOrdersModuleFrontController::initContent. Root cause is unsafe handling of input in that controller, leading to unauthorized DB queries with poten...