CVE-2024-10195 | Tecno 4G Portable WiFi TR118 V008-20220830 SMS Check goform_get_cmd_process order_by sql injection

Inserito da Angelo Barbosa | Ott 19, 2024 | CVE

A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by leads to sql injection.

This vulnerability is known as CVE-2024-10195. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-10195 | Tecno 4G Portable WiFi TR118 V008-20220830 SMS Check goform_get_cmd_process order_by sql injection

Post correlati

CVE-2024-3785 | White Bear Solutions WBSAirback 21.02.04 Device NAS Shared Section /admin/DeviceNAS Privilege Escalation

CVE-2024-7688 | AZIndex Plugin up to 0.8.1 on WordPress cross-site request forgery

CVE-2023-48615 | Adobe Experience Manager AEM Cloud Service/6.5.18.0 cross site scripting (APSB23-72)

CVE-2024-47080 | matrix-org matrix-js-sdk up to 34.8.0 MatrixClient.sendSharedHistoryKeys information disclosure (GHSA-4jf8-g8wp-cx7c)