CVE-2024-25248
- Reference to the description:
- Description:
- SQL Injection vulnerability in the orderGoodsDelivery() function in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via the order_id parameter.
- Last updated date:
- 02/14/2025
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 02/14/2025
- Reference url to background
https://harryha.substack.com/p/phuong-phap-phan-tich-ma-nguon-tim-lo-hong