Hitout Car Sale SQL Injection Vulnerability in StoreController
Vulnerability
A SQL injection vulnerability has been identified in Hitout Car Sale version 1.0. This vulnerability allows remote attackers to access sensitive information by exploiting the orderBy parameter in the StoreController.java component.
Impact
Exploitation of this vulnerability allows for SQL injection, which could lead to unauthorized data access or manipulation.
Reproduction
The vulnerability can be reproduced by sending a crafted HTTP GET request to the '/store/getList' endpoint. The request must include the 'orderBy' parameter with a payload that exploits the application's SQL query handling, such as using SQL functions to extract database information.
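The weakness class described above, as an added illustration that is not Hitout Car Sale's own code: a hypothetical listing query that splices the orderBy value into the SQL text, beside an allowlist-based version. The `store` table, its column names and the `direction` parameter are assumptions for this sketch, not details taken from the project.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Map;

// Hypothetical sketch of the weakness class in the advisory; not the
// actual Hitout Car Sale StoreController source.
public class StoreListing {

    // Vulnerable pattern: the client-controlled orderBy value is spliced
    // straight into the SQL text. ORDER BY identifiers cannot be bound as
    // parameters, so a PreparedStatement alone does not remove the issue.
    static String unsafeQuery(String orderBy) {
        return "SELECT id, name, price FROM store ORDER BY " + orderBy;
    }

    // Hardened pattern: map the request value onto a fixed allowlist of
    // column names; anything else falls back to a default and is logged,
    // since rejected sort keys are a cheap detection signal.
    private static final Map<String, String> SORT_COLUMNS = Map.of(
            "id", "id",
            "name", "name",
            "price", "price");

    static String safeQuery(String orderBy, String direction) {
        String column = SORT_COLUMNS.get(orderBy);
        if (column == null) {
            System.err.println("rejected orderBy value: " + orderBy);
            column = "id";
        }
        String dir = "desc".equalsIgnoreCase(direction) ? "DESC" : "ASC";
        return "SELECT id, name, price FROM store ORDER BY " + column + " " + dir;
    }

    // Runs the hardened query; assumes a 'store' table with the listed
    // columns (constructed example schema, not the project's).
    static void getList(Connection conn, String orderBy, String direction)
            throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(safeQuery(orderBy, direction));
             ResultSet rs = ps.executeQuery()) {
            while (rs.next()) {
                System.out.println(rs.getInt("id") + " " + rs.getString("name"));
            }
        }
    }
}
```

Because only allowlisted identifiers ever reach the query string, the request value itself is never interpreted as SQL regardless of its content.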