@X1lyS
Created September 6, 2024 08:09
CVE-2024-43040-details
[CVE ID]
CVE-2024-43040
[PRODUCT]
Renwoxing Enterprise Intelligent Management System
[VERSION]
<V3.0
[PROBLEM TYPE]
SQL Injection
[DESCRIPTION]
In version 3.0 of the Renwoxing Enterprise Smart Management System,
the information query interface "/fx/baseinfo/SearchInfo" does not perform adequate input validation for the model[parid] and model[content] parameters.
Attackers can inject malicious SQL code into these parameters to execute unauthorized SQL queries.
This vulnerability enables attackers to access data in the database, posing a serious threat to the system's security.
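For defenders reviewing web or WAF logs, the following added example (not part of the original advisory or the vendor's code) flags requests to the affected interface whose model[parid] or model[content] values carry SQL syntax. It assumes the parameters arrive in the URL query string or a form-encoded body; the regex hints, function names and sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

ENDPOINT = "/fx/baseinfo/SearchInfo"           # path named in the advisory
PARAMS = {"model[parid]", "model[content]"}    # parameters named in the advisory

# Heuristic indicators of SQL syntax in a value (assumption: tune per deployment).
SQL_HINTS = re.compile(
    r"'|--|/\*|;|\b(?:union|select|sleep|waitfor|benchmark)\b"
    r"|\b(?:or|and)\b\s+\d+\s*=\s*\d+",
    re.IGNORECASE,
)

def inspect_request(url, body=""):
    """Return [(param, decoded_value)] for advisory parameters that carry SQL syntax."""
    parts = urlsplit(url)
    # Compare case-insensitively and ignore a trailing slash.
    if parts.path.rstrip("/").lower() != ENDPOINT.lower():
        return []
    # parse_qsl percent-decodes names and values, so model%5Bparid%5D matches too.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    hits = []
    for name, value in pairs:
        # Also test a second decoding pass to catch double-encoded input.
        if name in PARAMS and (SQL_HINTS.search(value) or SQL_HINTS.search(unquote_plus(value))):
            hits.append((name, value))
    return hits

# Constructed sample requests (url, form body); not taken from real traffic.
SAMPLES = [
    ("/fx/baseinfo/SearchInfo?model%5Bparid%5D=12&model%5Bcontent%5D=pump", ""),
    ("/fx/baseinfo/SearchInfo", "model%5Bparid%5D=1%27+OR+1%3D1--&model%5Bcontent%5D=x"),
    ("/fx/baseinfo/SearchInfo", "model%5Bparid%5D=3&model%5Bcontent%5D=a%2527"),
    ("/fx/other/Page?model%5Bparid%5D=1%27", ""),
]

def scan(samples):
    """Return (url, hits) for every sample request that triggers a hint."""
    flagged = []
    for url, body in samples:
        hits = inspect_request(url, body)
        if hits:
            flagged.append((url, hits))
    return flagged

if __name__ == "__main__":
    for url, hits in scan(SAMPLES):
        print(url, hits)
```

Pattern matching of this kind supports log review and alerting only; it does not replace fixing the query handling in the application itself.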