CVE-2024-3720 | Tianwell Fire Intelligent Command Platform 1.1.1.1 API Interface /mfsNotice/page gsdwid sql injection

Posted by Angelo Barbosa | Apr 12, 2024 | CVE

A vulnerability has been found in Tianwell Fire Intelligent Command Platform 1.1.1.1 and classified as critical. This vulnerability affects unknown code of the file /mfsNotice/page of the component API Interface. The manipulation of the argument gsdwid leads to sql injection.

This vulnerability was named CVE-2024-3720. The attack can be initiated remotely. Furthermore, there is an exploit available.

CVE-2024-3720 | Tianwell Fire Intelligent Command Platform 1.1.1.1 API Interface /mfsNotice/page gsdwid sql injection

Related Posts

CVE-2024-8877 | Riello Netman 204 up to 4.05 sql injection

CVE-2024-25138 | AutomationDirect C-MORE EA9 HMI up to 6.77 credentials storage (icsa-24-086-01)

CVE-2023-52486 | Linux Kernel up to 6.7.2 DRM drm_mode_page_flip_ioctl deadlock

CVE-2024-33537 | Theme Horse WP Portfolio Plugin up to 2.4 on WordPress cross site scripting