Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Sun, 12 Jul 2026 13:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function _rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument item_number results in sql injection. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way. | |
| Title | AojiaoZero Antaris PayPal IPN Payment ipn.php _rewardPurchase sql injection | |
| First Time appeared |
Aojiaozero
Aojiaozero antaris |
|
| Weaknesses | CWE-74 CWE-89 |
|
| CPEs | cpe:2.3:a:aojiaozero:antaris:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Aojiaozero
Aojiaozero antaris |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-12T12:45:07.222Z
Reserved: 2026-07-11T12:49:06.454Z
Link: CVE-2026-15502
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-12T22:00:13Z