CVE-2024-12481 | cjbi wetech-cms 1.0/1.1/1.2 UserDao.java findUser searchValue/gId/rId sql injection

A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been declared as critical. Affected by this vulnerability is the function findUser of the file wetech-cms-masterwetech-coresrcmainjavatechwetechcmsdaoUserDao.java. The manipulation of the argument searchValue/gId/rId leads to sql injection.

This vulnerability is known as CVE-2024-12481. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-12481 | cjbi wetech-cms 1.0/1.1/1.2 UserDao.java findUser searchValue/gId/rId sql injection

Post correlati

CVE-2024-52415 | Skpstorm SK WP Settings Backup Plugin up to 1.0 on WordPress cross-site request forgery

CVE-2024-46055 | OpenVidReview 1.0 review name cross site scripting

CVE-2023-47062 | Adobe Dimension up to 3.4.10 out-of-bounds (apsb23-71)

CVE-2024-27920 | projectdiscovery nuclei up to 3.1.x os command injection