This allowed for remote attackers to execute arbitrary SQL commands or cause data leakage by running arbitrary queries. This issue was resolved by properly filtering the input data.
An insecure direct object reference vulnerability was found in the component /order.php. The variable $order_id is directly referenced in the function get_order() which can be accessed by an attacker. In order to exploit this issue, an attacker needs to force the victim to access the component via a malicious link or in a specially crafted request.
An insecure direct object reference vulnerability was found in the component /order.php. The variable $order_id is directly referenced in the function get_order() which can be accessed by an attacker. In order to exploit this issue, an attacker needs to force the victim to access the component via a malicious link or in a specially crafted request.
An insecure direct object reference vulnerability was found in the component /order.php. The variable $order_id is directly referenced in the function get_order() which can be accessed by an attacker. In order to exploit this issue, an attacker needs to force the victim to access the component via a malicious link or in a specially crafted request.
An insecure direct object reference vulnerability was found in the component /order.php. The variable $order_id is directly referenced in the function get_order() which can be accessed by an attacker
Vendor Information N/A
Timeline
Published on: 09/02/2022 03:15:00 UTC
Last modified on: 09/07/2022 19:18:00 UTC