Vulnerabilities > CVE-2024-1258 - Use of Hard-coded Cryptographic Key vulnerability in Juanpao Jpshop 1.5.02

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

juanpao

CWE-321

NVD

Published: 2024-02-06

Updated: 2024-05-17

Summary

A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWT_KEY_ADMIN leads to use of hard-coded cryptographic key . The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252997 was assigned to this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Juanpao Juanpao Jpshop - Juanpao Jpshop 1.5.02	2

Common Weakness Enumeration (CWE)

CWE-321 - Use of Hard-coded Cryptographic Key

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References