CRITICAL🇵🇱 Wersja polska

CVE-2024-24112

CVSS 9.8v3.1pub. 2024-02-06upd. 2025-05-08

xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.

🤖 AI Analysis
How it works

The vulnerability results from a lack of proper validation and sanitization of input data passed through the orderDir parameter. An attacker can inject malicious SQL code directly into the query directed at the database. The attack does not require authentication or any user interaction, and the network vector makes it possible to carry out remotely.

Impact

An attacker can gain unauthorized access to sensitive data stored in the database, modify or delete its contents, and in certain configurations potentially take control of the database server.

Mitigation & patch

Patches available from the vendor should be applied according to references. It is also recommended to implement parameterized SQL queries (prepared statements) and additional input validation on the server side.

Who is affected

Exrick XMall version 1.1

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Exrick Xmall

    APP
    Exrick
    1.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-45612CRITICAL9.8PL ✓ten sam produkt

Obejście uwierzytelnienia w Exrick Xmall v1.1 poprzez crafted GET request

CVE-2025-28399CRITICAL9.8PL ✓ten sam produkt

Eskalacja uprawnień w Exrick Xmall przez metodę updateAddress

CVE-2023-36331HIGH8.2ten sam produkt

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access oth...

CVE-2025-65540MEDIUM6.1ten sam produkt

Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-suppl...

CVE-2021-43432MEDIUM6.1ten sam produkt

A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET para...