2 matches found
CVE-2024-33273
SQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges via the getShopID function...
CVE-2024-33273
SQL injection in shipup prior to v3.3.0 allows remote attacker to escalate privileges via the getShopID function. Root cause: unsafely constructed SQL through getShopID leads to high-impact compromise (C, I, A) with network attacker and no user interaction. Affected: shipup versions before 3.3.0....