CVE-2024-34949

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
20/05/2024
Last modified:
30/06/2025

Description

SQL injection vulnerability in Likeshop before 2.5.7 allows attackers to run abitrary SQL commands via the function OrderLogic::getOrderList function, exploited at the /admin/order/lists.html endpoint.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:likeshop:likeshop:*:*:*:*:*:*:*:* 2.5.7 (excluding)