CVE-2024-6438

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-6438

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6438.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-6438

Published

2024-07-02T11:15:11Z

Modified

2025-01-14T12:18:44.393140Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability has been found in Hitout Carsale 1.0 and classified as critical. This vulnerability affects unknown code of the file OrderController.java. The manipulation of the argument orderBy leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-270166 is the identifier assigned to this vulnerability.

References

Affected packages

Git / github.com/hitout/carsale

Affected ranges

Type: GIT
Repo: https://github.com/hitout/carsale
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

a77b1732eb39dd08e01b4921090767786e11ae36

Affected versions

1.*

1.0