Beware of SQL Injection Attacks on Delhivery Logistics Courier

CVE: CVE-2024-22283
CVSS (v3.1): 8.5
Source: CVE-2024-22283

The CVE-2024-22283 vulnerability affects Delhivery Logistics Courier versions prior to 1.0.107. This vulnerability is an SQL Injection flaw that allows attackers to interfere with queries that the application passes to its backend SQL database.

SQL Injection occurs when user-supplied input is inserted into an SQL query without being properly sanitized. An attacker can manipulate this input to inject additional SQL commands or clauses into the query, allowing them to access unauthorized data or perform actions on the database like modifying or deleting records.

In the case of Delhivery Logistics Courier, malicious actors could potentially exploit this vulnerability to view sensitive data in the application’s database like user credentials, payment information, or shipping addresses. They may also be able to add, modify or delete records.

To protect themselves, users should update their installation of Delhivery Logistics Courier to version 1.0.107 or later, which fixes this issue. It’s also generally a good idea to use strong and unique passwords for all your online accounts. Website developers should properly sanitize and validate all user input to prevent SQL Injection attacks.
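The following is an added example, not code from Delhivery Logistics Courier or from the advisory. It contrasts a query built by string concatenation with one that uses bound parameters and input validation. The `shipments` table, the waybill format and all function names are hypothetical and chosen only for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE shipments (waybill TEXT, owner TEXT, address TEXT)")
    db.executemany(
        "INSERT INTO shipments VALUES (?, ?, ?)",
        [("WB1001", "alice", "12 Hill Rd"), ("WB1002", "bob", "9 Lake St")],
    )
    return db

def lookup_concatenated(db, waybill):
    # Vulnerable pattern: the input becomes part of the SQL text itself,
    # so quote characters in it can change the structure of the query.
    query = ("SELECT waybill, owner, address FROM shipments "
             "WHERE waybill = '" + waybill + "'")
    return db.execute(query).fetchall()

def lookup_bound(db, waybill):
    # Bound parameter: the driver passes the value as data, never as SQL,
    # so the WHERE clause keeps the shape the developer wrote.
    return db.execute(
        "SELECT waybill, owner, address FROM shipments WHERE waybill = ?",
        (waybill,),
    ).fetchall()

# Assumed waybill format for this example: 4 to 20 upper-case letters or digits.
WAYBILL_RE = re.compile(r"[A-Z0-9]{4,20}")

def lookup_validated(db, waybill):
    # Defense in depth: reject input that does not match the expected
    # format, then still use a bound parameter for the query.
    if not WAYBILL_RE.fullmatch(waybill):
        raise ValueError("invalid waybill format")
    return lookup_bound(db, waybill)

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL syntax
    print("concatenated:", lookup_concatenated(db, crafted))  # every row
    print("bound:       ", lookup_bound(db, crafted))         # no rows
    print("legitimate:  ", lookup_validated(db, "WB1001"))    # one row
```

With the concatenated query the crafted input returns every row in the table. The bound version compares it as a plain string and matches nothing, and the validated version rejects it before any query runs.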
