What the vulnerability does
01 Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in marcoingraiti Actionwear products sync actionwear-products-sync allows SQL Injection. This issue affects Actionwear products sync: from n/a through <= 2.3.3.
Explanation of Vulnerability in Simple Terms
02 Summary
Actionwear products sync versions 2.3.3 and earlier contain a SQL injection vulnerability accessible to authenticated users with low privileges. An attacker can craft malicious input to extract sensitive data from the database or disrupt service availability. Because the injection reaches the database, the impact extends across the entire application.
What an attacker can do
03 Attacker Capabilities
Read sensitive data from the database or cause service disruption through SQL injection.
Potential impact on your site
04 Site Impact
Unauthorized access to database contents and potential service downtime affecting all users.
Conditions required to exploit
05 Prerequisites
Attacker must have a low-privilege user account on the site.
Key dates
06 Disclosure timeline
April 1, 2025: CVE published
May 12, 2026: Record updated