CVE-2024-33273

SQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges via the getShopID function...

CVE-2024-33273

SQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges via the getShopID function...

PrestaShop SQL注入漏洞

PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution provides multiple payment methods, short message alerts and product image scaling. A SQL injection vulnerability exists in versions prior to PrestaShop shipup v.3.3.0, which originates from allowin...

PT-2024-25184 · Shipup · Shipup

Name of the Vulnerable Software and Affected Versions: shipup versions prior to 3.3.0 Description: A SQL injection issue allows a remote attacker to escalate privileges via the getShopID function. This enables the attacker to potentially gain unauthorized access to sensitive data or systems...

CVE-2024-33273

SQL injection in shipup prior to v3.3.0 allows remote attacker to escalate privileges via the getShopID function. Root cause: unsafely constructed SQL through getShopID leads to high-impact compromise (C, I, A) with network attacker and no user interaction. Affected: shipup versions before 3.3.0....

Threat Roundup for May 17 to May 24

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 17 and May 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...