6Şub
CVE-2024-1258 | Juanpao JPShop up to 1.5.02 API api/config/params.php JWT_KEY_ADMIN hard-coded key
A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWT_KEY_ADMIN leads to use of hard-coded cryptographic key . This vulnerability is known as CVE-2024-1258. The attack needs to be done within the local network. Furthermore, there is an exploit available.