Submit #366239: Hitout carsale V1.0 SQL Injection

Title: Hitout carsale V1.0 SQL Injection
Description: SQL injection vulnerability in Hitout litemall v.1.0 allows a remote attacker to obtain sensitive information via the orderBy parameters of the OrderController.java component.
Source: https://github.com/Hitout/carsale/issues/23
User: Tmac (UID 71244)
Submission: 06/29/2024 04:58 AM (2 years ago)
Moderation: 07/02/2024 06:52 AM (3 days later)
Status: Accepted
VulDB entry: 270166 [Hitout Carsale 1.0 OrderController.java orderBy sql injection]
Points: 15
