A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWT_KEY_ADMIN leads to use of hard-coded cryptographic key
.
This vulnerability is known as CVE-2024-1258. The attack needs to be done within the local network. Furthermore, there is an exploit available.