SQL Injection Vulnerability in Special Minds e-Commerce Allows Attacker Access
CVE-2024-7882
6.5 MEDIUM
Key Information:
- Vendor: Special Minds Design And Software
- Status
- E-commerce
- Vendor
- CVE Published: 22 November 2024
Summary
A vulnerability exists in the e-Commerce software from Special Minds Design, allowing for SQL Injection due to improper neutralization of special elements used in SQL commands. This could enable an attacker to execute unauthorized SQL commands, potentially compromising the database and exposing sensitive data. Users of versions prior to 22.11.2024 are encouraged to review system configurations and apply necessary security updates to mitigate the risk associated with this vulnerability.
Affected Version(s)
e-Commerce 0 < 22.11.2024
CVSS V3.1
- Score: 6.5
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Yagiz BILGILI
Privia Security Inc.