CVE-2024-10947 | Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System sql injection

A vulnerability classified as critical was found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This vulnerability affects unknown code of the file /interlib/order/BatchOrder?cmdACT=admin_order&xsl=adminOrder_OrderList.xsl. The manipulation of the argument bookrecno leads to sql injection.

This vulnerability was named CVE-2024-10947. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-10947 | Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System sql injection

Post correlati

CVE-2024-30441 | PickPlugins Post Grid Plugin up to 2.2.74 on WordPress cross site scripting

CVE-2023-52588 | Linux Kernel up to 5.15.148/6.1.76/6.6.15/6.7.3 f2fs Privilege Escalation

CVE-2024-0537 | Tenda W9 1.0.0.7(4456) httpd setWrlBasicInfo ssidIndex stack-based overflow

CVE-2023-41918 | Kiloview P1/P2 up to 4.8.2605 ACL missing authentication (NCSC-2024-0273)