1 results (0.001 seconds)
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33268
https://notcve.org/view.php?id=CVE-2024-33268
29 Apr 2024 — SQL Injection vulnerability in Digincube mdgiftproduct before 1.4.1 allows an attacker to run arbitrary SQL commands via the MdGiftRule::addGiftToCart method. Una vulnerabilidad de inyección SQL en Digincube mdgiftproduct anterior a 1.4.1 permite a un atacante ejecutar comandos SQL arbitrarios a través del método MdGiftRule::addGiftToCart. • https://security.friendsofpresta.org/modules/2024/04/25/mdgiftproduct.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •