CVE-2024-8150 | ContiNew Admin 3.2.0 user sort sql injection

A vulnerability was found in ContiNew Admin 3.2.0 and classified as critical. Affected by this issue is the function top.continew.starter.extension.crud.controller.BaseController#page of the file /api/system/user?deptId=1&page=1&size=10. The manipulation of the argument sort leads to sql injection.

This vulnerability is handled as CVE-2024-8150. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-8150 | ContiNew Admin 3.2.0 user sort sql injection

Related Posts

CVE-2024-33697 | Rimes Gold CF7 File Download Plugin up to 2.0 on WordPress cross site scripting

CVE-2024-27364 | Samsung Exynos W93 slsi_rx_roamed_ind heap-based overflow

CVE-2024-42627 | FrogCMS 0.9.5 cross-site request forgery

CVE-2024-33117 | crmeb_java 1.3.4 com.zbkj.front.pub.ImageMergeController mergeList server-side request forgery