VYPR
High severity8.2NVD Advisory· Published May 20, 2024· Updated Jun 17, 2026

CVE-2024-34949

CVE-2024-34949

Description

SQL injection vulnerability in Likeshop before 2.5.7 allows attackers to run abitrary SQL commands via the function OrderLogic::getOrderList function, exploited at the /admin/order/lists.html endpoint.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.