High severity8.2NVD Advisory· Published May 20, 2024· Updated Jun 17, 2026
CVE-2024-34949
CVE-2024-34949
Description
SQL injection vulnerability in Likeshop before 2.5.7 allows attackers to run abitrary SQL commands via the function OrderLogic::getOrderList function, exploited at the /admin/order/lists.html endpoint.
Affected products
2- Likeshop/Likeshopdescription
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.