Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-28198

A SQL injection vulnerability in Hitout car sale 1.0 allows a remote attacker to obtain sensitive information via the orderBy parameter of the StoreController.java component.

Published

2025-04-15T16:16:06.137

Last Modified

2025-04-22T18:24:06.670

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hitstiresoftware	hitout_car_sale	1.0	Yes

References

https://github.com/Hitout/carsale/issues/24 Exploit, Issue Tracking ([email protected])