Code Injection Vulnerability in MaianAffiliate v.1.0 Allows Unauthorized Product Addition and Payload Reflection

CVE-2021-39402 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

MaianAffiliate v.1.0 suffers from a code injection vulnerability when a new product is added via the admin panel. The injected payload is reflected on the affiliate main page for all visitors, authenticated and unauthenticated.