SQL Injection Vulnerability in E-Negosyo System
CVE-2024-33957
7.5HIGH
What is CVE-2024-33957?
A SQL injection vulnerability exists in version 1.0 of the E-Negosyo System, where an attacker can exploit this flaw by sending a specifically crafted query to the server. This allows the unauthorized retrieval of sensitive information stored in the 'id' parameter of the '/admin/orders/controller.php' file. It is crucial for users and administrators of the E-Negosyo System to apply necessary updates and patches to secure their systems against potential exploitation.
Affected Version(s)
E-Negosyo System 1.0