Created September 6, 2024 08:09
CVE-2024-43040-details
[CVE ID]
CVE-2024-43040
[PRODUCT]
Renwoxing Enterprise Intelligent Management System
[VERSION]
<V3.0
[PROBLEM TYPE]
SQL Injection
[DESCRIPTION]
In version 3.0 of the Renwoxing Enterprise Smart Management System,
the information query interface "/fx/baseinfo/SearchInfo" does not perform adequate input validation for the model[parid] and model[content] parameters.
Attackers can inject malicious SQL code into these parameters to execute unauthorized SQL queries.
This vulnerability enables attackers to access data in the database, posing a serious threat to the system's security.
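
A log-review sketch for the interface described above, added here as an example and not part of the original advisory or the vendor's code. It assumes the two parameters arrive in the query string and that the web server writes combined-format access logs; the keyword list, the helper names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/fx/baseinfo/SearchInfo"          # path named in the advisory
PARAMS = ("model[parid]", "model[content]")   # parameters named in the advisory

# Heuristic markers of SQL syntax inside a value (assumption: tune per deployment).
SUSPICIOUS = re.compile(
    r"('|\"|;|--|/\*|\b(union|select|insert|update|delete|drop|exec|sleep|waitfor)\b)",
    re.IGNORECASE,
)

# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample entries (documentation IP range, made-up values).
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Sep/2024:08:01:11 +0000] "GET /fx/baseinfo/SearchInfo?model%5Bparid%5D=12&model%5Bcontent%5D=printer HTTP/1.1" 200 512',
    '203.0.113.9 - - [06/Sep/2024:08:02:40 +0000] "GET /fx/baseinfo/SearchInfo?model%5Bparid%5D=12%27%20OR%20%271%27%3D%271&model%5Bcontent%5D=x HTTP/1.1" 200 9120',
    '203.0.113.9 - - [06/Sep/2024:08:03:02 +0000] "GET /fx/home/Index?q=select HTTP/1.1" 200 300',
]


def flag_line(line):
    """Return (parameter, decoded value) pairs on this entry that look like SQL."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if url.path.lower() != ENDPOINT.lower():
        return []  # only the affected interface is of interest here
    query = parse_qs(url.query, keep_blank_values=True)  # percent-decodes names and values
    return [(n, v) for n in PARAMS for v in query.get(n, []) if SUSPICIOUS.search(v)]


def scan(lines):
    """Return (line number, hits) for every entry with at least one flagged value."""
    return [(i, hits) for i, line in enumerate(lines, 1) if (hits := flag_line(line))]


if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOG):
        print(lineno, hits)
```

The pattern is a triage heuristic: legitimate search text containing an apostrophe will also be flagged, and parameters sent in a request body do not appear in access logs at all.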