Beware of SQL Injection Attacks on Delhivery Logistics Courier

CVE: CVE-2024-22283
CVSS (v3.1): 8.5
Source: CVE-2024-22283

The CVE-2024-22283 vulnerability affects Delhivery Logistics Courier versions prior to 1.0.107. This vulnerability is an SQL Injection flaw that allows attackers to interfere with queries that the application passes to its backend SQL database.

SQL Injection occurs when user-supplied input is inserted into an SQL query without being properly sanitized. A malicious user could craft input containing SQL keywords and operators that could allow them to influence the structure and results of the executed query. This could enable actions like data extraction, modification of the database contents, or execution of administrative commands.

In the case of Delhivery Logistics Courier, attackers could potentially exploit this vulnerability to view or modify data in the application’s database. They may be able to retrieve sensitive information such as user credentials and payment details.

To protect themselves, users should update their Delhivery Logistics Courier installation to version 1.0.107 or later, which fixes this issue. It is also recommended to use strong and unique passwords. Application developers should properly sanitize and validate all user input before using it in SQL queries to prevent SQL Injection attacks.
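The following added example (not code from Delhivery Logistics Courier or from the advisory) shows the mechanism described above and the developer-side fix: the same lookup built by string concatenation and with a bound parameter, plus allow-list validation. The `shipments` table, its columns, the tracking-number format and all rows are hypothetical and constructed for illustration.

```python
import re
import sqlite3


def make_db():
    """In-memory database with constructed sample rows (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE shipments (tracking_no TEXT, owner TEXT, address TEXT)")
    db.executemany(
        "INSERT INTO shipments VALUES (?, ?, ?)",
        [("TRK001", "alice", "12 Example Road"),
         ("TRK002", "bob", "34 Sample Street")],
    )
    return db


def lookup_vulnerable(db, tracking_no):
    # Input is spliced into the SQL text, so quotes and keywords inside it
    # become part of the query structure instead of staying a value.
    sql = ("SELECT owner, address FROM shipments "
           "WHERE tracking_no = '" + tracking_no + "'")
    return db.execute(sql).fetchall()


def lookup_parameterized(db, tracking_no):
    # The value is bound separately from the SQL text; it is only ever
    # compared as data against the tracking_no column.
    sql = "SELECT owner, address FROM shipments WHERE tracking_no = ?"
    return db.execute(sql, (tracking_no,)).fetchall()


def is_valid_tracking_no(value):
    # Allow-list validation (assumed format): reject anything that is not
    # 6 to 20 upper-case letters or digits before it reaches the database.
    return re.fullmatch(r"[A-Z0-9]{6,20}", value) is not None


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL operators
    print("concatenated :", lookup_vulnerable(db, crafted))     # every row
    print("parameterized:", lookup_parameterized(db, crafted))  # no rows
    print("passes validation:", is_valid_tracking_no(crafted))  # False
```

Validation narrows what reaches the query, but the bound parameter is what keeps input from changing the query's structure; use both.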
