Critical SQL Injection Vulnerability in Hitout Carsale OrderController.java

CVE-2024-6438

6.5MEDIUM

Key Information

Vendor: Hitout Carsale
Status: Carsale
Vendor: CVE Published:; 2 July 2024

Summary

A vulnerability has been found in Hitout Carsale 1.0 and classified as critical. This vulnerability affects unknown code of the file OrderController.java. The manipulation of the argument orderBy leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-270166 is the identifier assigned to this vulnerability.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 2, 2024

Collectors

NVD Database