CyberRota
← Ana sayfaya dön

CVE-2026-15502

MEDIUM · CVSS 6.3

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-12T13:16:37.643 · Çekilme zamanı: 2026-07-12T18:35:50.047125+00:00

CyberRota Yorumu

SQL Injection riski içeriyor. Uzaktan istismar edilebilir olabilir.

CVE
CVE-2026-15502
Severity
MEDIUM
CVSS
6.3
EPSS
Yok

Orijinal NVD Açıklaması

A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function _rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument item_number results in sql injection. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.