Vulnerability
SQL Injection in Hikeshop via data[order][payment] parameter version < 4.7.3
Description
The Application does not sanitize or escape data[order][payment] parameter, making it vulnerable to sql injection.
CVE-ID
CVE-2023-38044
Vendor
HikaShop
Product
Joomla Extension Hikeshop
Disclosure Timeline
Reported On 06-07-2023
Made Public On:
Fixed On: Not Fixed
Credits
Vishal and Siva