CVE-2024-10947 | Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System sql injection

A vulnerability classified as critical was found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This vulnerability affects unknown code of the file /interlib/order/BatchOrder?cmdACT=admin_order&xsl=adminOrder_OrderList.xsl. The manipulation of the argument bookrecno leads to sql injection.

This vulnerability was named CVE-2024-10947. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-10947 | Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System sql injection

Post correlati

CVE-2024-41951 | AkshuDev PheonixAppAPI up to 0.2.3 Language Encoding nonce re-use

CVE-2024-34577 | Elecom WRC-X3000GS2-B/WRC-X3000GS2-W/WRC-X3000GS2A-B up to 1.08 easysetup.cgi cross site scripting

CVE-2024-4608 | SellKit Plugin up to 1.9.8 on WordPress id cross site scripting

CVE-2024-35212 | Siemens SINEC Traffic Analyzer up to 1.1 information disclosure (ssa-196737)