CVE-2024-0729 | ForU CMS up to 2020-06-23 cms_admin.php a_name sql injection

Posted by Angelo Barbosa | Jan 19, 2024 | CVE

A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. Affected by this issue is some unknown functionality of the file cms_admin.php. The manipulation of the argument a_name leads to sql injection.

This vulnerability is handled as CVE-2024-0729. The attack needs to be approached within the local network. Furthermore, there is an exploit available.

CVE-2024-0729 | ForU CMS up to 2020-06-23 cms_admin.php a_name sql injection

Related Posts

CVE-2024-41173 | Beckhoff IPC Diagnostics Package/TwinCAT BSD authentication bypass (VDE-2024-045)

CVE-2024-52029 | Netgear R7000P 1.3.3.154 POST Request genie_pptp.cgi pptp_user_netmask stack-based overflow

CVE-2024-3024 | appneta tcpreplay up to 4.4.4 get.c get_layer4_v6 heap-based overflow

CVE-2024-6252 | Zorlan SkyCaiji up to 2.8 Task onerror cross site scripting