CVE-2024-10546 | open-scratch Teaching 在线教学平台 up to 2.7 URL getDictItemsByTable sql injection

Inserito da Angelo Barbosa | Ott 30, 2024 | CVE

A vulnerability classified as critical was found in open-scratch Teaching 在线教学平台 up to 2.7. This vulnerability affects unknown code of the file /api/sys/ng-alain/getDictItemsByTable/ of the component URL Handler. The manipulation leads to sql injection.

This vulnerability was named CVE-2024-10546. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-10546 | open-scratch Teaching 在线教学平台 up to 2.7 URL getDictItemsByTable sql injection

Post correlati

CVE-2024-5702 | Mozilla Firefox up to 124 Networking Stack memory corruption

CVE-2024-23622 | IBM Merge Healthcare eFilm Workstation up to 4.2 stack-based overflow

CVE-2024-24320 | MGT-COMMERCE CloudPanel up to 2.4.0 load-logfiles service path traversal

CVE-2024-23902 | GitLab Branch Source Plugin up to 684.vea_fa_7c1e2fe3 on Jenkins POST Request cross-site request forgery