A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_html/admin/controller/responses/listing_grid/collections.php. The vulnerability is exploitable via the id parameter.
https://github.com/abantecart/abantecart-src
https://chiggerlor.substack.com/p/cve-2024-50801-and-and-cve-2024-50802